#VU96934 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU96934
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the af9035_i2c_master_xfer() function in drivers/media/usb/dvb-usb-v2/af9035.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/b2f54ed7739dfdf42c4df0a11131aad7c8635464
http://git.kernel.org/stable/c/fa58d9db5cad4bb7bb694b6837e3b96d87554f2b
http://git.kernel.org/stable/c/b49c6e5dd236787f13a062ec528d724169f11152
http://git.kernel.org/stable/c/6c01ef65de0b321b2db1ef9abf8f1d15862b937e
http://git.kernel.org/stable/c/d9ef84a7c222497ecb5fdf93361c76931804825e
http://git.kernel.org/stable/c/0143f282b15f7cedc0392ea10050fb6000fd16e6
http://git.kernel.org/stable/c/41b7181a40af84448a2b144fb02d8bf32b7e9a23
http://git.kernel.org/stable/c/7bf744f2de0a848fb1d717f5831b03db96feae89
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
