Vulnerability identifier: #VU91607
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/fb2d3a50a8f29a3c66682bb426144f40e32ab818
http://git.kernel.org/stable/c/039fec48e062504f14845124a1a25eb199b2ddc0
http://git.kernel.org/stable/c/c9c1334697301c10e6918d747ed38abfbc0c96e7
http://git.kernel.org/stable/c/e97bf4ada7dddacd184c3e196bd063b0dc71b41d
http://git.kernel.org/stable/c/546c1796ad1ed0d87dab3c4b5156d75819be2316
http://git.kernel.org/stable/c/c55fc098fd9d2dca475b82d00ffbcaf97879d77e
http://git.kernel.org/stable/c/e134f3aba98e6c801a693f540912c2d493718ddf
http://git.kernel.org/stable/c/372636debe852913529b1716f44addd94fff2d28
http://git.kernel.org/stable/c/8f4f68e788c3a7a696546291258bfa5fdb215523
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.