Vulnerability identifier: #VU94434
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read in the get_bMaxPacketSize0(), hub_port_init(), hub_port_connect() and usb_reset_and_verify_device() functions in drivers/usb/core/hub.c. A local user can trigger it to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/9d241c5d9a9b7ad95c90c6520272fe404d5ac88f
http://git.kernel.org/stable/c/7fe9d87996062f5eb0ca476ad0257f79bf43aaf5
http://git.kernel.org/stable/c/8186596a663506b1124bede9fde6f243ef9f37ee
http://git.kernel.org/stable/c/b4a074b1fb222164ed7d5c0b8c922dc4a0840848
http://git.kernel.org/stable/c/b9fbfb349eacc0820f91c797d7f0a3ac7a4935b5
http://git.kernel.org/stable/c/ff33299ec8bb80cdcc073ad9c506bd79bb2ed20b
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of any malware exploiting this vulnerability.