#VU94840 Out-of-bounds read in Linux kernel


Published: 2024-07-29

Vulnerability identifier: #VU94840

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41090

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the tap_get_user_xdp() function in drivers/net/tap.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/8be915fc5ff9a5e296f6538be12ea75a1a93bdea
http://git.kernel.org/stable/c/7431144b406ae82807eb87d8c98e518475b0450f
http://git.kernel.org/stable/c/e5e5e63c506b93b89b01f522b6a7343585f784e6
http://git.kernel.org/stable/c/ee93e6da30377cf2a75e16cd32bb9fcd86a61c46
http://git.kernel.org/stable/c/aa6a5704cab861c9b2ae9f475076e1881e87f5aa
http://git.kernel.org/stable/c/73d462a38d5f782b7c872fe9ae8393d9ef5483da
http://git.kernel.org/stable/c/e1a786b9bbb767fd1c922d424aaa8078cc542309
http://git.kernel.org/stable/c/ed7f2afdd0e043a397677e597ced0830b83ba0b3


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

