Vulnerability identifier: #VU90841
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611
http://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e
http://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b
http://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7
http://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1
http://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532
http://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74
http://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.