#VU93595 Resource management error in Linux kernel
Vulnerability identifier: #VU93595
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_ttm_gart_bind() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/5d5f1a7f3b1039925f79c7894f153c2a905201fb
http://git.kernel.org/stable/c/589c414138a1bed98e652c905937d8f790804efe
http://git.kernel.org/stable/c/6fcd12cb90888ef2d8af8d4c04e913252eee4ef3
http://git.kernel.org/stable/c/e8d27caef2c829a306e1f762fb95f06e8ec676f6
http://git.kernel.org/stable/c/5cdce3dda3b3dacde902f63a8ee72c2b7f91912d
http://git.kernel.org/stable/c/6c6064cbe58b43533e3451ad6a8ba9736c109ac3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
