Vulnerability identifier: #VU90334
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dcn301_stream_encoder_create() function in drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/42442f74314d41ddc68227047036fa3e78940054
http://git.kernel.org/stable/c/efdd665ce1a1634b8c1dad5e7f6baaef3e131d0a
http://git.kernel.org/stable/c/cd9bd10c59e3c1446680514fd3097c5b00d3712d
http://git.kernel.org/stable/c/a938eab9586eea31cfd129a507f552efae14d738
http://git.kernel.org/stable/c/58fca355ad37dcb5f785d9095db5f748b79c5dc2
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.