Use-after-free in Linux Kernel modify_ldt()

Published: 2019-07-10 02:11:26 | Updated: 2019-07-10
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2019-13233
CVSSv3 7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-416
Exploitation vector Local
Public exploit N/A
Vulnerable software Linux kernel
Vulnerable software versions Linux kernel 5.1.1
Linux kernel 5.1.2
Linux kernel 5.1.3

Show more

Vendor URL Linux Foundation

Security Advisory

1) Use-after-free

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the arch/x86/lib/insn-eval.c file due to a race condition between modify_ldt() and a #BR exception for an MPX bounds violation when accessing LDT entry. A local user can create a specially crafted application and escalate privileges on the system.

Remediation

Install updates from vendor's website.

External links

https://bugs.chromium.org/p/project-zero/issues/detail?id=1879
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.9
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de9f869616dd95e95c00bdd6b0fcd3421e8a4323
https://github.com/torvalds/linux/commit/de9f869616dd95e95c00bdd6b0fcd3421e8a4323

Back to List