#VU93063 Infinite loop in Linux kernel


Published: 2024-06-21

Vulnerability identifier: #VU93063

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38601

CWE-ID: CWE-835

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/b50932ea673b5a089a4bb570a8a868d95c72854e
http://git.kernel.org/stable/c/c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a
http://git.kernel.org/stable/c/1e160196042cac946798ac192a0bc3398f1aa66b
http://git.kernel.org/stable/c/595363182f28786d641666a09e674b852c83b4bb
http://git.kernel.org/stable/c/54c64967ba5f8658ae7da76005024ebd3d9d8f6e
http://git.kernel.org/stable/c/af3274905b3143ea23142bbf77bd9b610c54e533
http://git.kernel.org/stable/c/5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1
http://git.kernel.org/stable/c/79b52013429a42b8efdb0cda8bb0041386abab87
http://git.kernel.org/stable/c/c2274b908db05529980ec056359fae916939fdaa


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

