Vulnerability identifier: #VU94841
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read in the tun_xdp_one() function in drivers/net/tun.c. A local user can trigger the out-of-bounds read and cause a denial of service.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/32b0aaba5dbc85816898167d9b5d45a22eae82e9
http://git.kernel.org/stable/c/6100e0237204890269e3f934acfc50d35fd6f319
http://git.kernel.org/stable/c/589382f50b4a5d90d16d8bc9dcbc0e927a3e39b2
http://git.kernel.org/stable/c/ad6b3f622ccfb4bfedfa53b6ebd91c3d1d04f146
http://git.kernel.org/stable/c/d5ad89b7d01ed4e66fd04734fc63d6e78536692a
http://git.kernel.org/stable/c/a9d1c27e2ee3b0ea5d40c105d6e728fc114470bb
http://git.kernel.org/stable/c/8418f55302fa1d2eeb73e16e345167e545c598a5
http://git.kernel.org/stable/c/049584807f1d797fc3078b68035450a9769eb5c3
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of any malware exploiting this vulnerability.