Vulnerability identifier: #VU93297
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kernel_page_present() function in arch/arm64/mm/pageattr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/813f5213f2c612dc800054859aaa396ec8ad7069
http://git.kernel.org/stable/c/f7e71a7cf399f53ff9fc314ca3836dc913b05bd6
http://git.kernel.org/stable/c/31f815cb436082e72d34ed2e8a182140a73ebdf4
http://git.kernel.org/stable/c/022b19ebc31cce369c407617041a3db810db23b3
http://git.kernel.org/stable/c/50449ca66cc5a8cbc64749cf4b9f3d3fc5f4b457
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.