#VU93647 Resource management error in Linux kernel


Published: 2024-07-02

Vulnerability identifier: #VU93647

Vulnerability risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52588

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to improper management of internal resources within the __clone_blkaddrs() and redirty_blocks() functions in fs/f2fs/file.c, and within the set_cluster_dirty() function in fs/f2fs/compress.c. A local user can corrupt data.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/7ea0f29d9fd84905051be020c0df7d557e286136
http://git.kernel.org/stable/c/7c972c89457511007dfc933814c06786905e515c
http://git.kernel.org/stable/c/417b8a91f4e8831cadaf85c3f15c6991c1f54dde
http://git.kernel.org/stable/c/b8094c0f1aae329b1c60a275a780d6c2c9ff7aa3
http://git.kernel.org/stable/c/4961acdd65c956e97c1a000c82d91a8c1cdbe44b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

