#VU94951 Out-of-bounds read in Linux kernel
Vulnerability identifier: #VU94951
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the orangefs_statfs() function in fs/orangefs/super.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/b90176a9553775e23966650e445b1866e62e4924
http://git.kernel.org/stable/c/556edaa27c27db24a0f34c78cebef90e5bb6e167
http://git.kernel.org/stable/c/1617249e24bd04c8047956afb43feec4876d1715
http://git.kernel.org/stable/c/137a06dc0ff8b2d2069c2345d015ef0fa71df1ed
http://git.kernel.org/stable/c/74159d409da82269311a60256aad8ae8753da450
http://git.kernel.org/stable/c/6a3cacf6d3cf0278aa90392aef2fc3fe2717a047
http://git.kernel.org/stable/c/de8a5f7b71800a11fbaffc8ddacf08ead78afcc5
http://git.kernel.org/stable/c/53e4efa470d5fc6a96662d2d3322cfc925818517
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
