#VU93626 Buffer overflow in Linux kernel


Published: 2024-07-02

Vulnerability identifier: #VU93626

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47006

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the breakpoint_handler() function in arch/arm/kernel/hw_breakpoint.c, which a local user can trigger to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/555a70f7fff03bd669123487905c47ae27dbdaac
http://git.kernel.org/stable/c/ed1f67465327cec4457bb988775245b199da86e6
http://git.kernel.org/stable/c/a9938d6d78a238d6ab8de57a4d3dcf77adceb9bb
http://git.kernel.org/stable/c/3ed8832aeaa9a37b0fc386bb72ff604352567c80
http://git.kernel.org/stable/c/630146203108bf6b8934eec0dfdb3e46dcb917de
http://git.kernel.org/stable/c/7eeacc6728c5478e3c01bc82a1f08958eaa12366
http://git.kernel.org/stable/c/dabe299425b1a53a69461fed7ac8922ea6733a25
http://git.kernel.org/stable/c/a506bd5756290821a4314f502b4bafc2afcf5260


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

