#VU16551 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU16551
Vulnerability risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to the mq_notify function does not set the sock pointer to NULL upon entry into the retry logic. A remote attacker can trigger use-after-free error during a user-space close of a Netlink socket and cause the service to crash.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 4.11 - 4.11.9, 4.10.0 - 4.10.17
External links
http://github.com/torvalds/linux/commit/f991af3daabaecff34684fd51fac80319d1baad1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
