#VU92977 Buffer overflow in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92977

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26671

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c, which a local user can trigger to cause the denial of service.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676
http://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10
http://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f
http://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b
http://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56
http://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0
http://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2
http://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

