Vulnerability identifier: #VU96359
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the da9211_i2c_probe() function in drivers/regulator/da9211-regulator.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/1c1afcb8839b91c09d211ea304faa269763b1f91
http://git.kernel.org/stable/c/f75cde714e0a67f73ef169aa50d4ed77d04f7236
http://git.kernel.org/stable/c/d443308edbfb6e9e757b478af908515110d1efd5
http://git.kernel.org/stable/c/d4aa749e046435f054e94ebf50cad143d6229fae
http://git.kernel.org/stable/c/470f6a9175f13a53810734658c35cc5bba33be01
http://git.kernel.org/stable/c/ad1336274f733a7cb1f87b5c5908165a2c14df53
http://git.kernel.org/stable/c/02228f6aa6a64d588bc31e3267d05ff184d772eb
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.