#VU95097 Input validation error in Linux kernel


Vulnerability identifier: #VU95097

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42124

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qedf_execute_tmf() function in drivers/scsi/qedf/qedf_io.c. A local user can exploit this to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/4f314aadeed8cdf42c8cf30769425b5e44702748
http://git.kernel.org/stable/c/5ceb40cdee721e13cbe15a0515cacf984e11236b
http://git.kernel.org/stable/c/0a8a91932b2772e75bf3f6d133ca4225d1d3e920
http://git.kernel.org/stable/c/fa49c65a1cec6a3901ef884fdb24d98068b63493
http://git.kernel.org/stable/c/b6ded5316ec56e973dcf5f9997945aad01a9f062
http://git.kernel.org/stable/c/2b9c7787cfcd1e76d873a78f16cf45bfa4b100ea
http://git.kernel.org/stable/c/0d8b637c9c5eeaa1a4e3dfb336f3ff918eb64fec


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

