This security bulletin contains one low risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to usage of uninitialized resources in vDPA with VDUSE backend in Linux kernel. A local user can pass specially crafted data to the Virtio drivers, trigger uninitialized usage of resources and gain access to sensitive information.
Install updates from vendor's website.Vulnerable software versions
Linux kernel: All versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?