Linux Kernel irda_bind() Function Memory Consumption Denial of Service VulnerabilitySeptember 7, 2018 am30 2:29 am

A vulnerability in the irda_bind() function of the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper memory operations performed by the affected software when the irda_bind() function, as defined in the net/irda/af_irda.c source code file, is used. An attacker could exploit this vulnerability by repeatedly binding an AF_IRDA socket. A successful exploit could exhaust memory resources, resulting in a DoS condition on the targeted system.

At the time this alert was first published, suggested patches were available; however, Kernel.org had not confirmed the vulnerability.

Security Impact Rating: Medium

CVE: CVE-2018-6554

%d bloggers like this: