#VU92987 Resource management error in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92987

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48636

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the dasd_alias_remove_device() and dasd_alias_get_start_dev() functions in drivers/s390/block/dasd_alias.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/d86b4267834e6d4af62e3073e48166e349ab1b70
http://git.kernel.org/stable/c/49f401a98b318761ca2e15d4c7869a20043fbed4
http://git.kernel.org/stable/c/aaba5ff2742043705bc4c02fd0b2b246e2e16da1
http://git.kernel.org/stable/c/2e473351400e3dd66f0b71eddcef82ee45a584c1
http://git.kernel.org/stable/c/f5fcc9d6d71d9ff7fdbdd4b89074e6e24fffc20b
http://git.kernel.org/stable/c/d3a67c21b18f33c79382084af556557c442f12a6
http://git.kernel.org/stable/c/650a2e79d176db753654d3dde88e53a2033036ac
http://git.kernel.org/stable/c/db7ba07108a48c0f95b74fabbfd5d63e924f992d


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

