| Severity | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE ID | CVE-2019-13233 |
| CVSSv3 |
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] |
| CWE ID |
CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel |
| Vulnerable software versions |
Linux kernel 5.1.1 Linux kernel 5.1.2 Linux kernel 5.1.3 Show more |
| Vendor URL | Linux Foundation |
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the arch/x86/lib/insn-eval.c file due to a race condition between modify_ldt() and a #BR exception for an MPX bounds violation when accessing LDT entry. A local user can create a specially crafted application and escalate privileges on the system.
RemediationInstall updates from vendor's website.
External linkshttps://bugs.chromium.org/p/project-zero/issues/detail?id=1879
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.9
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de9f869616dd95e95c00bdd6b0fcd3421e8a4323
https://github.com/torvalds/linux/commit/de9f869616dd95e95c00bdd6b0fcd3421e8a4323