#VU95014 Improper error handling in Linux kernel
Vulnerability identifier: #VU95014
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-388
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the lima_pp_init() and lima_pp_bcast_init() functions in drivers/gpu/drm/lima/lima_pp.c, within the lima_mmu_init() function in drivers/gpu/drm/lima/lima_mmu.c, within the lima_gp_init() function in drivers/gpu/drm/lima/lima_gp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/0d60c43df59ef01c08dc7b0c45495178f9d05a13
http://git.kernel.org/stable/c/25d0d9b83d855cbc5d5aa5ae3cd79d55ea0c84a8
http://git.kernel.org/stable/c/17fe8b75aaf0bb1bdc31368963446b421c22d0af
http://git.kernel.org/stable/c/0a487e977cb8897ae4c51ecd34bbaa2b005266c9
http://git.kernel.org/stable/c/04d531b9a1875846d4f89953b469ad463aa7a770
http://git.kernel.org/stable/c/b5daf9217a50636a969bc1965f827878aeb09ffe
http://git.kernel.org/stable/c/a6683c690bbfd1f371510cb051e8fa49507f3f5e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
