#VU97269 Input validation error in Linux kernel
Vulnerability identifier: #VU97269
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62
http://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e
http://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc
http://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4
http://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb
http://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2
http://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
