#VU88890 Input validation error in Linux kernel


Published: 2024-04-22

Vulnerability identifier: #VU88890

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46990

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in arch/powerpc/lib/feature-fixups.c. A local user can pass specially crafted input to the kernel and perform a denial of service (DoS) attack.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/8382b15864e5014261b4f36c2aa89723612ee058
http://git.kernel.org/stable/c/0c25a7bb697f2e6ee65b6d63782f675bf129511a
http://git.kernel.org/stable/c/ee4b7aab93c2631c3bb0753023c5dda592bb666b
http://git.kernel.org/stable/c/2db22ba4e0e103f00e0512e0ecce36ac78c644f8
http://git.kernel.org/stable/c/0b4eb172cc12dc102cd0ad013e53ee4463db9508
http://git.kernel.org/stable/c/d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92
http://git.kernel.org/stable/c/dd0d6117052faace5440db20fc37175efe921c7d
http://git.kernel.org/stable/c/5bc00fdda1e934c557351a9c751a205293e68cbf
http://git.kernel.org/stable/c/aec86b052df6541cc97c5fca44e5934cbea4963b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

