#VU17555 Race condition in Linux kernel


Published: 2019-02-12 | Updated: 2020-05-30

Vulnerability identifier: #VU17555

Vulnerability risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-6974

CWE-ID: CWE-362

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows an adjacent attacker to gain elevated privileges or cause a denial of service (DoS) condition.

The weakness exists due to a race condition that causes the kvm_ioctl_create_device function, defined in the virt/kvm/kvm_main.c source file of the affected software, to improperly handle reference counting. An adjacent attacker can access the system and execute an application that submits malicious input, trigger a use-after-free condition and cause a targeted guest virtual machine to crash, resulting in a DoS condition. In addition, a successful exploit could allow the attacker to gain elevated privileges on a targeted system.

Mitigation
The vulnerability has been addressed in versions 4.9.156, 4.14.99, 4.19.21, and 4.20.8.

Vulnerable software versions

Linux kernel: 4.9 - 4.9.155, 4.14.0 - 4.14.98, 4.19 - 4.19.20, 4.20 - 4.20.7, 4.4 - 4.4.175
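
The following check is an added example, not part of the original advisory: it classifies a kernel release string against the vulnerable ranges listed above. The function name and output labels are assumptions made for illustration. Distribution kernels often backport fixes without changing the upstream version number, so the result is only indicative for upstream stable kernels.

```shell
#!/bin/sh
# Added example, not part of the advisory.
# series:last-vulnerable-patch, copied from "Vulnerable software versions".
VULN_RANGES="4.4:175 4.9:155 4.14:98 4.19:20 4.20:7"

# Prints one of: vulnerable | fixed | not-listed | unparsed
# "fixed" means: listed series, patch level above the last vulnerable one.
kvm_cve_2019_6974_status() {
    release=$1
    # Drop distro/build suffix: "4.14.98-67-generic" -> "4.14.98"
    base=${release%%[-+_]*}
    case $base in
        ''|*[!0-9.]*|.*|*.|*..*) echo unparsed; return 0 ;;
        *.*) ;;
        *) echo unparsed; return 0 ;;
    esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;   # "4.9" is treated as 4.9.0
    esac
    for entry in $VULN_RANGES; do
        series=${entry%%:*}
        last=${entry##*:}
        if [ "$major.$minor" = "$series" ]; then
            if [ "$patch" -le "$last" ]; then
                echo vulnerable
            else
                echo fixed
            fi
            return 0
        fi
    done
    echo not-listed
}

# Stand-alone use: pass a release string, or default to the running kernel.
kvm_cve_2019_6974_status "${1:-$(uname -r)}"
```
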


External links
http://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
http://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
http://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
http://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
http://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.176


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
