Vulnerability identifier: #VU97833
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-682
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the setup_one_line() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5
http://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84
http://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874
http://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6
http://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf
http://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc
http://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2
http://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.