Vulnerability identifier: #VU93058
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i2c_hid_of_probe() function in drivers/hid/i2c-hid/i2c-hid-of.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/62f5d219edbd174829aa18d4b3d97cd5fefbb783
http://git.kernel.org/stable/c/d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c
http://git.kernel.org/stable/c/4cad91344a62536a2949873bad6365fbb6232776
http://git.kernel.org/stable/c/e28d6b63aeecbda450935fb58db0e682ea8212d3
http://git.kernel.org/stable/c/00aab7dcb2267f2aef59447602f34501efe1a07f
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.