Vulnerability identifier: #VU90660
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/94c742324ed7e42c5bd6a9ed22e4ec6d764db4d8
http://git.kernel.org/stable/c/2aa141f8bc580f8f9811dfe4e0e6009812b73826
http://git.kernel.org/stable/c/d4a9aa7db574a0da64307729cc031fb68597aa8b
http://git.kernel.org/stable/c/0049fe7e4a85849bdd778cdb72e51a791ff3d737
http://git.kernel.org/stable/c/d4a714873db0866cc471521114eeac4a5072d548
http://git.kernel.org/stable/c/0e8d2444168dd519fea501599d150e62718ed2fe
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.