Vulnerability identifier: #VU90858
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed
http://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982
http://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b
http://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3
http://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16
http://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719
http://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8
http://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.