#VU94121 Input validation error in Linux kernel
Vulnerability identifier: #VU94121
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a
http://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be
http://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d
http://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7
http://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41
http://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a
http://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252
http://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
