Vulnerability identifier: #VU93326
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8
http://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f
http://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a
http://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46
http://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691
http://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3
http://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.