#VU98367 Improper locking in Linux kernel


Vulnerability identifier: #VU98367

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47669

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can exploit this to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf
http://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a
http://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b
http://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876
http://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06
http://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc
http://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe7f7737b
http://git.kernel.org/stable/c/6576dd6695f2afca3f4954029ac4a64f82ba60ab


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

