#VU93374 Race condition in Linux kernel
Vulnerability identifier: #VU93374
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-362
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tpm2_key_encode() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972
http://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087
http://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a
http://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487
http://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea
http://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
