#VU94304 Resource management error in Linux kernel


Published: 2024-07-13

Vulnerability identifier: #VU94304

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40983

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8
http://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76
http://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2
http://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93
http://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930
http://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

