Vulnerability identifier: #VU89261
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-833
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a deadlock within the hfsplus_file_truncate() function in fs/hfsplus/extents.c. A local user can crash the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/52dde855663e5db824af51db39b5757d2ef3e28a
http://git.kernel.org/stable/c/c451a6bafb5f422197d31536f82116aed132b72c
http://git.kernel.org/stable/c/adbd8a2a8cc05d9e501f93e5c95c59307874cc99
http://git.kernel.org/stable/c/c477f62db1a0c0ecaa60a29713006ceeeb04b685
http://git.kernel.org/stable/c/97314e45aa1223a42d60256a62c5d9af54baf446
http://git.kernel.org/stable/c/c3187cf32216313fb316084efac4dab3a8459b1d
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.