Vulnerability identifier: #VU91240
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/ntfs3/ntfs_fs.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/ae4acad41b0f93f1c26cc0fc9135bb79d8282d0b
http://git.kernel.org/stable/c/ec1bedd797588fe38fc11cba26d77bb1d9b194c6
http://git.kernel.org/stable/c/fb7bcd1722bc9bc55160378f5f99c01198fd14a7
http://git.kernel.org/stable/c/686820fe141ea0220fc6fdfc7e5694f915cf64b2
http://git.kernel.org/stable/c/b2dd7b953c25ffd5912dda17e980e7168bebcf6c
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.