#VU94996 Improper locking in Linux kernel
Vulnerability identifier: #VU94996
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d
http://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f
http://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860
http://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2
http://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca
http://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c
http://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02
http://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4
http://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
