Vulnerability identifier: #VU93282
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the time_travel_update_time(), time_travel_set_start() and timer_read() functions in arch/um/kernel/time.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/0c7478a2da3f5fe106b4658338873d50c86ac7ab
http://git.kernel.org/stable/c/4f7dad73df4cdb2b7042103d3922745d040ad025
http://git.kernel.org/stable/c/de3e9d8e8d1ae0a4d301109d1ec140796901306c
http://git.kernel.org/stable/c/b427f55e9d4185f6f17cc1e3296eb8d0c4425283
http://git.kernel.org/stable/c/abe4eaa8618bb36c2b33e9cdde0499296a23448c
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.