Vulnerability identifier: #VU96421
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xennet_close(), xennet_poll_controller() and xennet_destroy_queues() functions in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/198cdc287769c717dafff5887c6125cb7a373bf3
http://git.kernel.org/stable/c/b40c912624775a21da32d1105e158db5f6d0554a
http://git.kernel.org/stable/c/a1753d5c29a6fb9a8966dcf04cb4f3b71e303ae8
http://git.kernel.org/stable/c/a63eb1e4a2e1a191a90217871e67fba42fd39255
http://git.kernel.org/stable/c/47e2f166ed9fe17f24561d6315be2228f6a90209
http://git.kernel.org/stable/c/dcf4ff7a48e7598e6b10126cc02177abb8ae4f3f
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.