Vulnerability identifier: #VU93839
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dg_dispatch_as_host() function in drivers/misc/vmw_vmci/vmci_datagram.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051
http://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b
http://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100
http://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74
http://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75
http://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73
http://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f
http://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
http://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.