Vulnerability identifier: #VU96400
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the men_z188_probe() function in drivers/iio/adc/men_z188_adc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/0f88722313645a903f4d420ba61ddc690ec2481d
http://git.kernel.org/stable/c/c5723b422f564af15f2e3bc0592fd6376a0a6c45
http://git.kernel.org/stable/c/53d43a9c8dd224e66559fe86af1e473802c7130e
http://git.kernel.org/stable/c/ce1076b33e299dc8d270e4450a420a18bfb3e190
http://git.kernel.org/stable/c/1aa12ecfdcbafebc218910ec47acf6262e600cf5
http://git.kernel.org/stable/c/fe73477802981bd0d0d70f2b22f109bcca801bdb
http://git.kernel.org/stable/c/d6ed5426a7fad36cf928c244483ba24e72359638
http://git.kernel.org/stable/c/e0a2e37f303828d030a83f33ffe14b36cb88d563
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.