#VU94963 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU94963
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nouveau_connector_get_modes() function in drivers/gpu/drm/nouveau/nouveau_connector.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/9baf60323efa992b7c915094529f0a1882c34e7e
http://git.kernel.org/stable/c/e36364f5f3785d054a94e57e971385284886d41a
http://git.kernel.org/stable/c/274cba8d2d1b48c72d8bd90e76c9e2dc1aa0a81d
http://git.kernel.org/stable/c/f48dd3f19614022f2e1b794fbd169d2b4c398c07
http://git.kernel.org/stable/c/1f32535238493008587a8c5cb17eb2ca097592ef
http://git.kernel.org/stable/c/744b229f09134ccd091427a6f9ea6d97302cfdd9
http://git.kernel.org/stable/c/7db5411c5d0bd9c29b8c2ad93c36b5c16ea46c9e
http://git.kernel.org/stable/c/80bec6825b19d95ccdfd3393cf8ec15ff2a749b4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
