#VU94258 NULL pointer dereference in Linux kernel


Vulnerability identifier: #VU94258

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39506

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2
http://git.kernel.org/stable/c/dcc7440f32c7a26b067aff6e7d931ec593024a79
http://git.kernel.org/stable/c/cbf18d8128a753cb632bef39470d19befd9c7347
http://git.kernel.org/stable/c/a86490a3712cc513113440a606a0e77130abd47c
http://git.kernel.org/stable/c/f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee
http://git.kernel.org/stable/c/fd2b613bc4c508e55c1221c6595bb889812a4fea
http://git.kernel.org/stable/c/a6f4d0ec170a46b5f453cacf55dff5989b42bbfa
http://git.kernel.org/stable/c/c44711b78608c98a3e6b49ce91678cd0917d5349


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

