#VU93036 Improper locking in Linux kernel


Vulnerability identifier: #VU93036

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36286

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c, which a local user can use to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9
http://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256
http://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab
http://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4
http://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5
http://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718
http://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a
http://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

