Vulnerability identifier: #VU90859
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b
http://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d
http://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c
http://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249
http://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4
http://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b
http://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb
http://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.