Vulnerability identifier: #VU96542
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c, which a local user can use to cause a denial of service.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0
http://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2
http://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705
http://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666
http://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707
http://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600
http://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab
http://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.