#VU96304 Resource management error in Linux kernel


Vulnerability identifier: #VU96304

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43879

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9
http://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d
http://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f
http://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086
http://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27
http://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142
http://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd
http://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

