#VU93038 Improper locking in Linux kernel


Published: 2024-06-21

Vulnerability identifier: #VU93038

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38634

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9
http://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30
http://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94
http://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba
http://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec
http://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458
http://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869
http://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

