#VU95018 Improper error handling in Linux kernel


Vulnerability identifier: #VU95018

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52887

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the j1939_xtp_rx_rts_session_new() function in net/can/j1939/transport.c. A local user can use this flaw to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/ed581989d7ea9df6f8646beba2341e32cd49a1f9
http://git.kernel.org/stable/c/f6c839e717901dbd6b1c1ca807b6210222eb70f6
http://git.kernel.org/stable/c/1762ca80c2b72dd1b5821c5e347713ae696276ea
http://git.kernel.org/stable/c/26b18dd30e63d4fd777be429148e8e4ed66f60b2
http://git.kernel.org/stable/c/177e33b655d35d72866b50aec84307119dc5f3d4
http://git.kernel.org/stable/c/0bc0a7416ea73f79f915c9a05ac0858dff65cfed
http://git.kernel.org/stable/c/d3e2904f71ea0fe7eaff1d68a2b0363c888ea0fb


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

