#VU97508 Out-of-bounds read in Linux kernel
Vulnerability identifier: #VU97508
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826
http://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553
http://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650
http://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec
http://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653
http://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114
http://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5
http://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
