Vulnerability identifier: #VU87986
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the i2c_put_adapter() function in drivers/i2c/i2c-core-base.c. A local user can trigger a use-after-free error and crash the kernel.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a
http://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829
http://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87
http://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9
http://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7
http://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4
http://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d
http://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.