#VU93139 Buffer overflow in Linux kernel


Published: 2024-06-24

Vulnerability identifier: #VU93139

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47434

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/22bcb65ea41072ab5d03c0c6290e04e0df6d09a0
http://git.kernel.org/stable/c/62c182b5e763e5f4062e72678e72ce3e02dd4d1b
http://git.kernel.org/stable/c/01c2dcb67e71c351006dd17cbba86c26b7f61eaf
http://git.kernel.org/stable/c/dec944bb7079b37968cf69c8a438f91f15c4cc61
http://git.kernel.org/stable/c/e54abefe703ab7c4e5983e889babd1447738ca42
http://git.kernel.org/stable/c/ff0e50d3564f33b7f4b35cadeabd951d66cfc570


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

