#VU96427 Improper locking in Linux kernel
Vulnerability identifier: #VU96427
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the srp_remove_one() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/8cc342508f9e7fdccd2e9758ae9d52aff72dab7f
http://git.kernel.org/stable/c/4752fafb461821f8c8581090c923ababba68c5bd
http://git.kernel.org/stable/c/d7997d19dfa7001ca41e971cd9efd091bb195b51
http://git.kernel.org/stable/c/901206f71e6ad2b2e7accefc5199a438d173c25f
http://git.kernel.org/stable/c/99eb8d694174c777558dc902d575d1997d5ca650
http://git.kernel.org/stable/c/c8b56e51aa91b8e7df3a98388dce3fdabd15c1d4
http://git.kernel.org/stable/c/98d056603ce55ceb90631b3927151c190dfb1b27
http://git.kernel.org/stable/c/081bdc9fe05bb23248f5effb6f811da3da4b8252
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
