Vulnerability identifier: #VU94453
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip6mr_rules_init() function in net/ipv6/ip6mr.c, within the ipmr_rules_init() function in net/ipv4/ipmr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/80c529322600dfb1f985b5e3f14c3c6f522ce154
http://git.kernel.org/stable/c/b541845dfc4e7df551955e70deec0921d6b297c3
http://git.kernel.org/stable/c/12b6703e9546902c56b4b9048b893ad49d62bdd4
http://git.kernel.org/stable/c/16dcfde98a25340ff0f7879a16bea141d824a196
http://git.kernel.org/stable/c/09ac0fcb0a82d647f2c61d3d488d367b7ee5bd51
http://git.kernel.org/stable/c/3cab045c99dbb9a94eb2d1d405f399916eec698a
http://git.kernel.org/stable/c/feb9597e22755dce782aae26ac0590c06737e049
http://git.kernel.org/stable/c/5611a00697c8ecc5aad04392bea629e9d6a20463
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.