Vulnerability identifier: #VU90475
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the irtoy_tx() function in drivers/media/rc/ir_toy.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/486a4176bc783df798bce2903824801af8d2c3ae
http://git.kernel.org/stable/c/207557e393a135c1b6fe1df7cc0741d2c1789fff
http://git.kernel.org/stable/c/be76ad74a43f90f340f9f479e6b04f02125f6aef
http://git.kernel.org/stable/c/7219a692ffc00089015ada33b85b334d1a4b6e8e
http://git.kernel.org/stable/c/b37259448bbc70af1d0e52a9dd5559a9c29c9621
http://git.kernel.org/stable/c/dc9ceb90c4b42c6e5c6757df1d6257110433788e
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.