Vulnerability identifier: #VU90929
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-415
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/b4fbb89d722cbb16beaaea234b7230faaaf68c71
http://git.kernel.org/stable/c/afbcad9ae7d6d11608399188f03a837451b6b3a1
http://git.kernel.org/stable/c/d033a555d9a1cf53dbf3301af7199cc4a4c8f537
http://git.kernel.org/stable/c/afba9d11320dad5ce222ac8964caf64b7b4bedb1
http://git.kernel.org/stable/c/185eab30486ba3e7bf8b9c2e049c79a06ffd2bc1
http://git.kernel.org/stable/c/2883940b19c38d5884c8626483811acf4d7e148f
http://git.kernel.org/stable/c/559ddacb90da1d8786dd8ec4fd76bbfa404eaef6
http://git.kernel.org/stable/c/55583e899a5357308274601364741a83e78d6ac4
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.