#VU93785 Improper locking in Linux kernel
Vulnerability identifier: #VU93785
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_write_single_data_page() function in fs/f2fs/data.c, within the f2fs_compress_write_end_io(), f2fs_write_raw_pages() and unlock_page() functions in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/7d420eaaa18ec8e2bb4eeab8c65c00492ef6f416
http://git.kernel.org/stable/c/542c8b3c774a480bfd0804291a12f6f2391b0cd1
http://git.kernel.org/stable/c/75abfd61392b1db391bde6d738a30d685b843286
http://git.kernel.org/stable/c/2b1b14d9fc94b8feae20808684c8af28ec80f45b
http://git.kernel.org/stable/c/52982edfcefd475cc34af663d5c47c0cddaa5739
http://git.kernel.org/stable/c/fd244524c2cf07b5f4c3fe8abd6a99225c76544b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
