Vulnerability identifier: #VU93040
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-415
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931
http://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695
http://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b
http://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36
http://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247
http://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21ec827b20
http://git.kernel.org/stable/c/d782a2db8f7ac49c33b9ca3e835500a28667d1be
http://git.kernel.org/stable/c/3df463865ba42b8f88a590326f4c9ea17a1ce459
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.