#VU93390 Resource management error in Linux kernel
Vulnerability identifier: #VU93390
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/79078880795478d551a05acc41f957700030d364
http://git.kernel.org/stable/c/be34a1b351ea7faeb15dde8c44fe89de3980ae67
http://git.kernel.org/stable/c/d17b75ee9c2e44d3a3682c4ea5ab713ea6073350
http://git.kernel.org/stable/c/0e3b6f9123726858cac299e1654e3d20424cabe4
http://git.kernel.org/stable/c/13562c2d48c9ee330de1077d00146742be368f05
http://git.kernel.org/stable/c/af26ea99019caee1500bf7e60c861136c0bf8594
http://git.kernel.org/stable/c/9489951e3ae505534c4013db4e76b1b5a3151ac7
http://git.kernel.org/stable/c/fb4aabdb1b48c25d9e1ee28f89440fd2ce556405
http://git.kernel.org/stable/c/1e4350095e8ab2577ee05f8c3b044e661b5af9a0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
