#VU95001 Input validation error in Linux kernel
Vulnerability identifier: #VU95001
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the load_data() and load_guspatch() functions in sound/synth/emux/soundfont.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab
http://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3
http://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6
http://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69
http://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e
http://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2
http://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14
http://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
