#VU93805 Buffer overflow in Linux kernel


Published: 2024-07-04

Vulnerability identifier: #VU93805

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26920

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the register_snapshot_trigger() function in kernel/trace/trace_events_trigger.c. A local user can exploit it to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/bcf4a115a5068f3331fafb8c176c1af0da3d8b19
http://git.kernel.org/stable/c/8ffd5590f4d6ef5460acbeac7fbdff7025f9b419
http://git.kernel.org/stable/c/56cfbe60710772916a5ba092c99542332b48e870
http://git.kernel.org/stable/c/b5085b5ac1d96ea2a8a6240f869655176ce44197
http://git.kernel.org/stable/c/36be97e9eb535fe3008a5cb040b1e56f29f2e398
http://git.kernel.org/stable/c/6022c065c9ec465d84cebff8f480db083e4ee06b
http://git.kernel.org/stable/c/4b001ef14baab16b553a002cb9979e31b8fc0c6b
http://git.kernel.org/stable/c/0958b33ef5a04ed91f61cef4760ac412080c4e08
http://git.kernel.org/stable/c/2a3073d58382157ab396734ed4e421ba9e969db1
http://git.kernel.org/stable/c/34925d01baf3ee62ab21c21efd9e2c44c24c004a
http://git.kernel.org/stable/c/2450a69d2ee75d1f0112d509ac82ef98f5ad6b5f
http://git.kernel.org/stable/c/26ebeffff238488466fa578be3b35b8a46e69906


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
