#VU17760 Use-after-free in Linux kernel - CVE-2019-7221
Published: February 19, 2019 / Updated: May 30, 2020
Vulnerability identifier: #VU17760
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2019-7221
CWE-ID: CWE-416
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows an adjacent attacker to cause DoS condition or execute arbitrary code.
The weakness exists due to exists due to use-after-free error when using emulated vmx preemption timer. An adjacent attacker can cause the service to crash or execute arbitrary code with elevated privileges.
The weakness exists due to exists due to use-after-free error when using emulated vmx preemption timer. An adjacent attacker can cause the service to crash or execute arbitrary code with elevated privileges.
Remediation
The vulnerability has been addressed in the versions 4.9.156, 4.14.99, 4.19.21, 4.20.8.
External links
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.175