#VU93375 Race condition in Linux kernel
Vulnerability identifier: #VU93375
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-362
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270
http://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214
http://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485
http://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4
http://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1
http://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4
http://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf
http://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
