#VU99211 Input validation error in Linux kernel
Vulnerability identifier: #VU99211
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_add_new_protocol() function in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/6b37f0dc0638d13a006f2f24d2f6ca61e83bc714
http://git.kernel.org/stable/c/dbdcfb9f6748218a149f62468d6297ce3f014e9c
http://git.kernel.org/stable/c/cff35329070b96b4484d23f9f48a5ca2c947e750
http://git.kernel.org/stable/c/6778434706940b8fad7ef35f410d2b9929f256d2
http://git.kernel.org/stable/c/27eb2d7a1b9987b6d0429b7716b1ff3b82c4ffc9
http://git.kernel.org/stable/c/908b2da426fe9c3ce74cf541ba40e7a4251db191
http://git.kernel.org/stable/c/f41547546db9af99da2c34e3368664d7a79cefae
http://git.kernel.org/stable/c/e329e71013c9b5a4535b099208493c7826ee4a64
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
