#VU95093 Input validation error in Linux kernel
Vulnerability identifier: #VU95093
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9
http://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c
http://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98
http://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6
http://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3
http://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99
http://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321
http://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
