Vulnerability identifier: #VU61211
Vulnerability risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-909
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor:
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to missing initialization of resource within the fs/nfs/dir.c in the Linux kernel. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf
http://www.spinics.net/lists/stable/msg531976.html
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
http://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.