#VU94087 Improper error handling in Linux kernel
Vulnerability identifier: #VU94087
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-388
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/f221bd58db0f6ca087ac0392284f6bce21f4f8ea
http://git.kernel.org/stable/c/22469a0335a1a1a690349b58bcb55822457df81e
http://git.kernel.org/stable/c/461a760d578b2b2c2faac3040b6b7c77baf128f8
http://git.kernel.org/stable/c/c1929c041a262a4a27265db8dce3619c92aa678c
http://git.kernel.org/stable/c/3fd487ffaa697ddb05af78a75aaaddabe71c52b0
http://git.kernel.org/stable/c/9f2ad88f9b349554f64e4037ec185c84d7dd9c7d
http://git.kernel.org/stable/c/c27a2f7668e215c1ebbccd96fab27a220a93f1f7
http://git.kernel.org/stable/c/ffbf4fb9b5c12ff878a10ea17997147ea4ebea6f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
