Vulnerability identifier: #VU92046
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/fece80a2a6718ed58487ce397285bb1b83a3e54e
http://git.kernel.org/stable/c/7a96d85bf196c170dcf1b47a82e9bb97cca69aa6
http://git.kernel.org/stable/c/c430e6bb43955c6bf573665fcebf31694925b9f7
http://git.kernel.org/stable/c/f8cf4dabbdcb8bef85335b0ed7ad5b25fd82ff56
http://git.kernel.org/stable/c/e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0
http://git.kernel.org/stable/c/69c7eeb4f622c2a28da965f970f982db171f3dc6
http://git.kernel.org/stable/c/8f860c8407470baff2beb9982ad6b172c94f1d0a
http://git.kernel.org/stable/c/31b62908693c90d4d07db597e685d9f25a120073
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.