Vulnerability identifier: #VU91436
Vulnerability risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-366
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the ipv6_mc_down() function in net/ipv6/mcast.c. A local user can manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/62b3387beef11738eb6ce667601a28fa089fa02c
http://git.kernel.org/stable/c/380540bb06bb1d1b12bdc947d1b8f56cda6b5663
http://git.kernel.org/stable/c/3cc283fd16fba72e2cefe3a6f48d7a36b0438900
http://git.kernel.org/stable/c/3bb5849675ae1d592929798a2b37ea450879c855
http://git.kernel.org/stable/c/2e7ef287f07c74985f1bf2858bedc62bd9ebf155
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.