#VU93141 Buffer overflow in Linux kernel


Published: 2024-06-24

Vulnerability identifier: #VU93141

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47460

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ocfs2_set_inode_data_inline() and ocfs2_convert_inline_data_to_extents() functions in fs/ocfs2/alloc.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/560edd14de2bf9dbc0129681eeb4d5ef87cc105f
http://git.kernel.org/stable/c/8e6bfb4f70168ddfd32fb6dc028ad52faaf1f32e
http://git.kernel.org/stable/c/a3a089c241cd49b33a8cdd7fcb37cc87a086912a
http://git.kernel.org/stable/c/b05caf023b14cbed9223bb5b48ecc7bffe38f632
http://git.kernel.org/stable/c/f1b98569e81c37d7e0deada7172f8f60860c1360
http://git.kernel.org/stable/c/fa9b6b6c953e3f6441ed6cf83b4c771dac2dae08
http://git.kernel.org/stable/c/5314454ea3ff6fc746eaf71b9a7ceebed52888fa


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

