#VU97503 Out-of-bounds read in Linux kernel
Vulnerability identifier: #VU97503
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8
http://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4
http://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5
http://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f
http://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5
http://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d
http://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9
http://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
