Vulnerability identifier: #VU96885
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe
http://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05
http://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148
http://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463
http://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79
http://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633
http://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506
http://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.