#VU93152 Buffer overflow in Linux kernel
Vulnerability identifier: #VU93152
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the emulator_cmpxchg_emulated() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/a9bd6bb6f02bf7132c1ab192ba62bbfa52df7d66
http://git.kernel.org/stable/c/726374dde5d608b15b9756bd52b6fc283fda7a06
http://git.kernel.org/stable/c/9d1b22e573a3789ed1f32033ee709106993ba551
http://git.kernel.org/stable/c/225d587a073584946c05c9b7651d637bd45c0c71
http://git.kernel.org/stable/c/910c57dfa4d113aae6571c2a8b9ae8c430975902
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
