#VU94256 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU94256
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cfg80211_get_station() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/dfd84ce41663be9ca3f69bd657c45f49b69344d9
http://git.kernel.org/stable/c/6d540b0317901535275020bd4ac44fac6439ca76
http://git.kernel.org/stable/c/0ccc63958d8373e15a69f4f8069f3e78f7f3898a
http://git.kernel.org/stable/c/43e1eefb0b2094e2281150d87d09e8bc872b9fba
http://git.kernel.org/stable/c/642f89daa34567d02f312d03e41523a894906dae
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
