Vulnerability identifier: #VU93084
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-908
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Operating systems & Components / Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the adf_probe() function in drivers/crypto/qat/qat_dh895xccvf/adf_drv.c, drivers/crypto/qat/qat_c62xvf/adf_drv.c, and drivers/crypto/qat/qat_c3xxxvf/adf_drv.c. A local user can trigger the flaw to cause a denial of service (DoS).
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/f4c4e07140687f42bfa40e091bb4a55d7960ce4d
http://git.kernel.org/stable/c/446045cf682af12d9294765f6c46084b374b5654
http://git.kernel.org/stable/c/09d16cee6285d37cc76311c29add6d97a7e4acda
http://git.kernel.org/stable/c/05ec8192ee4bfdf2a8894a68350dac9f1a155fa6
http://git.kernel.org/stable/c/1f50392650ae794a1aea41c213c6a3e1c824413c
http://git.kernel.org/stable/c/20fd40fc6f2c2b41dc6f637f88d494b14e9c21f1
http://git.kernel.org/stable/c/1ea500ce6f7c9106e4a561d28e69215f3d451818
http://git.kernel.org/stable/c/8609f5cfdc872fc3a462efa6a3eca5cb1e2f6446
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.