Main Vulnerability Database Vulnerabilities #VU8816

#VU8816 Use-after-free in Linux kernel - CVE-2017-15265

Published: October 12, 2017 / Updated: October 13, 2017

Vulnerability identifier: #VU8816

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-15265

CWE-ID: CWE-416

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to use-after-free error in the ALSA sequencer interface (/dev/snd/seq). A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html

#VU8816 Use-after-free in Linux kernel - CVE-2017-15265

Description

Remediation

External links

Please verify you're human