Vulnerability identifier: #VU91084
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rb_alloc_aux() function in kernel/events/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f
http://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734
http://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece
http://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a
http://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a
http://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a
http://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb
http://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.