#VU96444 Resource management error in Linux kernel
Vulnerability identifier: #VU96444
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DECLARE_RWSEM(), configfs_register_subsystem() and configfs_unregister_subsystem() functions in fs/configfs/dir.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/40805099af11f68c5ca7dbcfacf455da8f99f622
http://git.kernel.org/stable/c/d1654de19d42f513b6cfe955cc77e7f427e05a77
http://git.kernel.org/stable/c/a37024f7757c25550accdebf49e497ad6ae239fe
http://git.kernel.org/stable/c/b7e2b91fcb5c78c414e33dc8d50642e307ca0c5a
http://git.kernel.org/stable/c/a7ab53d3c27dfe83bb594456b9f38a37796ec39b
http://git.kernel.org/stable/c/e7a66dd2687758718eddd79b542a95cf3aa488cc
http://git.kernel.org/stable/c/3aadfd46858b1f64d4d6a0654b863e21aabff975
http://git.kernel.org/stable/c/84ec758fb2daa236026506868c8796b0500c047d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
