#VU94987 Improper locking in Linux kernel


Published: 2024-07-31

Vulnerability identifier: #VU94987

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42096

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/65ebdde16e7f5da99dbf8a548fb635837d78384e
http://git.kernel.org/stable/c/27c3be840911b15a3f24ed623f86153c825b6b29
http://git.kernel.org/stable/c/49c09ca35a5f521d7fa18caf62fdf378f15e8aa4
http://git.kernel.org/stable/c/2d07fea561d64357fb7b3f3751e653bf20306d77
http://git.kernel.org/stable/c/161cef818545ecf980f0e2ebaf8ba7326ce53c2b
http://git.kernel.org/stable/c/16222beb9f8e5ceb0beeb5cbe54bef16df501a92
http://git.kernel.org/stable/c/a3b65c8cbc139bfce9541bc81c1bb766e5ba3f68
http://git.kernel.org/stable/c/093d9603b60093a9aaae942db56107f6432a5dca


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

