#VU93589 Resource management error in Linux kernel


Vulnerability identifier: #VU93589

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47480

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the scsi_device_dev_release_usercontext() function in drivers/scsi/scsi_sysfs.c and within the EXPORT_SYMBOL() function in drivers/scsi/scsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/1105573d964f7b78734348466b01f5f6ba8a1813
http://git.kernel.org/stable/c/8e4814a461787e15a31d322d9efbe0d4f6822428
http://git.kernel.org/stable/c/61a0faa89f21861d1f8d059123b5c285a5d9ffee
http://git.kernel.org/stable/c/c2df161f69fb1c67f63adbd193368b47f511edc0
http://git.kernel.org/stable/c/1ce287eff9f23181d5644db787f472463a61f68b
http://git.kernel.org/stable/c/7b57c38d12aed1b5d92f74748bed25e0d041729f
http://git.kernel.org/stable/c/f30822c0b4c35ec86187ab055263943dc71a6836
http://git.kernel.org/stable/c/f2b85040acec9a928b4eb1b57a989324e8e38d3f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

