#VU96878 Buffer overflow in Linux kernel
Vulnerability identifier: #VU96878
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e
http://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8
http://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6
http://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346
http://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763
http://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed
http://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c
http://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
