#VU92988 Resource management error in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92988

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26880

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/69836d9329f0b4c58faaf3d886a7748ddb5bf718
http://git.kernel.org/stable/c/da7ece2197101b1469853e6b5e915be1e3896d52
http://git.kernel.org/stable/c/f89bd27709376d37ff883067193320c58a8c1d5a
http://git.kernel.org/stable/c/03ad5ad53e51abf3a4c7538c1bc67a5982b41dc5
http://git.kernel.org/stable/c/ad10289f68f45649816cc68eb93f45fd5ec48a15
http://git.kernel.org/stable/c/15a3fc5c8774c17589dabfe1d642d40685c985af
http://git.kernel.org/stable/c/ef02d8edf738557af2865c5bfb66a03c4e071be7
http://git.kernel.org/stable/c/360a7d1be8112654f1fb328ed3862be630bca3f4
http://git.kernel.org/stable/c/65e8fbde64520001abf1c8d0e573561b4746ef38


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

