#VU93097 Resource exhaustion in Linux kernel
Vulnerability identifier: #VU93097
Vulnerability risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-400
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack and modify data on the system,.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack and modify data on the system,.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/a0180e940cf1aefa7d516e20b259ad34f7a8b379
http://git.kernel.org/stable/c/77cbc04a1a8610e303a0e0d74f2676667876a184
http://git.kernel.org/stable/c/33bf23c9940dbd3a22aad7f0cda4c84ed5701847
http://git.kernel.org/stable/c/f36d200a80a3ca025532ed60dd1ac21b620e14ae
http://git.kernel.org/stable/c/bffc4cc334c5bb31ded54bc3cfd651735a3cb79e
http://git.kernel.org/stable/c/3c12466b6b7bf1e56f9b32c366a3d83d87afb4de
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
