#VU95024 Use of uninitialized resource in Linux kernel


Vulnerability identifier: #VU95024

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42106

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c. Both functions convert a legacy struct inet_diag_req request into a struct inet_diag_req_v2 on the stack but do not initialize its pad field. The raw socket diag handler reads that same byte as sdiag_raw_protocol (struct inet_diag_req_raw shares the layout), so the subsequent lookup operates on leftover stack contents, which KMSAN flags as an uninit-value access. A local user can perform a denial of service (DoS) attack. The fix adds "req.pad = 0;" to both conversion paths.
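The conversion path and its fix, reconstructed in user space as an added example (this is not the kernel's code or the page's own text). The struct layouts are transcribed from include/uapi/linux/inet_diag.h with fixed-width C types in place of __u8/__be16/__be32/__u32 and are assumed unchanged; the protocol byte is passed in as a parameter where the kernel derives it from nlmsg_type. The 0xAA fill is a constructed stand-in for whatever a previous stack frame left behind, so the "uninitialized" read is deterministic here rather than undefined behaviour:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layouts transcribed from include/uapi/linux/inet_diag.h (assumed
 * unchanged); kernel integer types replaced by fixed-width C types. */
struct inet_diag_sockid {
	uint16_t idiag_sport;
	uint16_t idiag_dport;
	uint32_t idiag_src[4];
	uint32_t idiag_dst[4];
	uint32_t idiag_if;
	uint32_t idiag_cookie[2];
};

/* Legacy (compat) request: no protocol byte, no pad field. */
struct inet_diag_req {
	uint8_t  idiag_family;
	uint8_t  idiag_src_len;
	uint8_t  idiag_dst_len;
	uint8_t  idiag_ext;
	struct inet_diag_sockid id;
	uint32_t idiag_states;
	uint32_t idiag_dbs;
};

struct inet_diag_req_v2 {
	uint8_t  sdiag_family;
	uint8_t  sdiag_protocol;
	uint8_t  idiag_ext;
	uint8_t  pad;
	uint32_t idiag_states;
	struct inet_diag_sockid id;
};

/* Raw-socket view of the same bytes: the pad byte is the protocol filter. */
struct inet_diag_req_raw {
	uint8_t  sdiag_family;
	uint8_t  sdiag_protocol;
	uint8_t  idiag_ext;
	uint8_t  sdiag_raw_protocol;
	uint32_t idiag_states;
	struct inet_diag_sockid id;
};

/* Conversion as it was before the fix: every field except pad is written. */
static void compat_to_v2_vulnerable(const struct inet_diag_req *rc, uint8_t proto,
                                    struct inet_diag_req_v2 *req)
{
	req->sdiag_family   = rc->idiag_family;
	req->sdiag_protocol = proto;
	req->idiag_ext      = rc->idiag_ext;
	req->idiag_states   = rc->idiag_states;
	req->id             = rc->id;
	/* req->pad is never written: it keeps whatever the stack held. */
}

/* Conversion with the fix applied: pad is explicitly zeroed. */
static void compat_to_v2_fixed(const struct inet_diag_req *rc, uint8_t proto,
                               struct inet_diag_req_v2 *req)
{
	compat_to_v2_vulnerable(rc, proto, req);
	req->pad = 0;
}

/* The byte a raw-socket lookup would use as its protocol filter. */
static uint8_t raw_protocol_seen(const struct inet_diag_req_v2 *req)
{
	struct inet_diag_req_raw r;
	memcpy(&r, req, sizeof(r));
	return r.sdiag_raw_protocol;
}

/* Constructed stand-in for stale stack contents; any non-zero value works. */
#define STALE 0xAA

/* Run one conversion over a pre-poisoned struct and return the protocol byte
 * the raw lookup would see: STALE on the vulnerable path, 0 on the fixed one. */
uint8_t demo_raw_protocol(int fixed)
{
	struct inet_diag_req rc;
	struct inet_diag_req_v2 req;

	memset(&rc, 0, sizeof(rc));
	rc.idiag_family = 2;               /* AF_INET */
	rc.idiag_states = 0xFFFFFFFFu;     /* all socket states */
	memset(&req, STALE, sizeof(req));  /* poison the "uninitialized" frame */

	if (fixed)
		compat_to_v2_fixed(&rc, 255 /* assumed: IPPROTO_RAW */, &req);
	else
		compat_to_v2_vulnerable(&rc, 255, &req);
	return raw_protocol_seen(&req);
}

int main(void)
{
	printf("pad offset %zu == sdiag_raw_protocol offset %zu\n",
	       offsetof(struct inet_diag_req_v2, pad),
	       offsetof(struct inet_diag_req_raw, sdiag_raw_protocol));
	printf("vulnerable: raw lookup filters on protocol 0x%02x\n", demo_raw_protocol(0));
	printf("fixed:      raw lookup filters on protocol 0x%02x\n", demo_raw_protocol(1));
	return 0;
}
```

The offsetof check is the point of the example: because pad in struct inet_diag_req_v2 and sdiag_raw_protocol in struct inet_diag_req_raw occupy the same byte, a field the v2 caller treats as padding is a live input for the raw handler, which is why "just padding" still needs a deterministic value.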

Mitigation
Install the update from the vendor's website. The fix is available in the mainline and stable kernel commits listed under External links.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9
http://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2
http://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4
http://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a
http://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb
http://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c
http://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051
http://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

