Vulnerability identifier: #VU93614
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-682
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __mmc_blk_ioctl_cmd() function in drivers/mmc/core/block.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68
http://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6
http://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28
http://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55
http://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2
http://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56
http://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304
http://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.