Vulnerability identifier: #VU94403
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ffs_data_put(), ffs_data_new(), ffs_epfiles_destroy() and ffs_func_eps_disable() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/32048f4be071f9a6966744243f1786f45bb22dc2
http://git.kernel.org/stable/c/cfe5f6fd335d882bcc829a1c8a7d462a455c626e
http://git.kernel.org/stable/c/c9fc422c9a43e3d58d246334a71f3390401781dc
http://git.kernel.org/stable/c/0042178a69eb77a979e36a50dcce9794a3140ef8
http://git.kernel.org/stable/c/72a8aee863af099d4434314c4536d6c9a61dcf3c
http://git.kernel.org/stable/c/3e078b18753669615301d946297bafd69294ad2c
http://git.kernel.org/stable/c/ebe2b1add1055b903e2acd86b290a85297edc0b3
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.