#VU95062 Resource management error in Linux kernel
Vulnerability identifier: #VU95062
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the define_machine() function in arch/powerpc/platforms/pseries/setup.c, within the pseries_kexec_cpu_down() function in arch/powerpc/platforms/pseries/kexec.c, within the default_machine_kexec() function in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c
http://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5
http://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3
http://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
