Vulnerability identifier: #VU95051
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/7435bd2f84a25aba607030237261b3795ba782da
http://git.kernel.org/stable/c/96103371091c6476eb07f4c66624bdd1b42f758a
http://git.kernel.org/stable/c/a0cafb7b0b94d18e4813ee4b712a056f280e7b5a
http://git.kernel.org/stable/c/feac2391e26b086f73be30e9b1ab215eada8d830
http://git.kernel.org/stable/c/b4eb25a3d70df925a9fa4e82d17a958a0a228f5f
http://git.kernel.org/stable/c/522c3336c2025818fa05e9daf0ac35711e55e316
http://git.kernel.org/stable/c/9f9c79d8e527d867e0875868b14fb76e6011e70c
http://git.kernel.org/stable/c/cf28ff8e4c02e1ffa850755288ac954b6ff0db8c
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.