#VU94257 NULL pointer dereference in Linux kernel


Published: 2024-07-13

Vulnerability identifier: #VU94257

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40905

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rt6_get_pcpu_route() function in net/ipv6/route.c and within the __fib6_drop_pcpu_from() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/c90af1cced2f669a7b2304584be4ada495eaa0e5
http://git.kernel.org/stable/c/c693698787660c97950bc1f93a8dd19d8307153d
http://git.kernel.org/stable/c/a0bc020592b54a8f3fa2b7f244b6e39e526c2e12
http://git.kernel.org/stable/c/2498960dac9b6fc49b6d1574f7cd1a4872744adf
http://git.kernel.org/stable/c/7e796c3fefa8b17b30e7252886ae8cffacd2b9ef
http://git.kernel.org/stable/c/09e5a5a80e205922151136069e440477d6816914
http://git.kernel.org/stable/c/b01e1c030770ff3b4fe37fc7cc6bca03f594133f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

