Vulnerability identifier: #VU88886
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor:
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the adjust_ptr_min_max_vals() function in kernel/bpf/verifier.c. A local user can crash the OS kernel.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://git.kernel.org/stable/c/29ffa63f21bcdcef3e36b03cccf9d0cd031f6ab0
http://git.kernel.org/stable/c/4108b86e324da42f7ed425bd71632fd844300dc8
http://git.kernel.org/stable/c/e8d3872b617c21100c5ee4f64e513997a68c2e3d
http://git.kernel.org/stable/c/1b500d5d6cecf98dd6ca88bc9e7ae1783c83e6d3
http://git.kernel.org/stable/c/22c7fa171a02d310e3a3f6ed46a698ca8a0060ed
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.