Vulnerability identifier: #VU90343
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc
http://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225
http://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1
http://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9
http://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234
http://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d
http://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1
http://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.