#VU97184 Improper Initialization in Linux kernel
Vulnerability identifier: #VU97184
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-665
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411
http://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8
http://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b
http://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227
http://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7
http://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c
http://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61
http://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
