Privilege escalation in Linux kernel ipv4 implementation
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-46936 |
| CWE-ID | CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use-after-free
EUVDB-ID: #VU88892
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46936
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inet_init() function in net/ipv4/af_inet.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsLinux kernel: before 4.14.261
External linkshttp://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022
http://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a
http://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4
http://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566
http://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69
http://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4
http://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13
http://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
