Vulnerability identifier: #VU47220
Vulnerability risk: Medium
CVSSv3.1: 4.9 [AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds read that occurs leading to memory corruption or a denial of service. This highest threat from this vulnerability is to system availability.
Mitigation
Update to version 5.9.0.
Vulnerable software versions
Linux kernel: 2.2.3 - 2.2.27, 2.3.0 - 2.3.99, 2.4.0 - 2.4.37.11, 2.5.0 - 2.5.75, 2.6_test9_cvs - 2.6.39.4, 3.0 - 3.0.101, 3.1 - 3.19.8, 3.2 - 3.25, 3.3 rc1 - 3.3.8, 3.4 - 3.4.113, 3.5 - 3.5.7, 3.6 - 3.6.11, 3.7 - 3.7.10, 3.8 - 3.8.13, 3.9 - 3.9.11, 4.0 - 4.0.9, 4.1 - 4.19.124, 4.2 - 4.20.17, 4.3 - 4.3.6, 4.4 - 4.4.224, 4.5 rc1 - 4.5.7, 4.6 rc1 - 4.6.7, 4.7 - 4.7.10, 4.8 - 4.8.17, 4.9 - 4.9.224, 5.0 - 5.0.21, 5.1 rc1 - 5.1.21, 5.2 - 5.2.21, 5.3 - 5.3.18, 5.4 - 5.4.42, 5.5 - 5.5.19, 5.6 - 5.6.14, 5.7 - 5.7.7, 5.8.0
External links
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50145474f6ef4a9c19205b173da6264a644c7489
http://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
http://seclists.org/oss-sec/2020/q3/174
http://www.openwall.com/lists/oss-security/2020/09/15/2
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.