#VU17760 Use-after-free in Linux kernel


Published: 2019-02-19 | Updated: 2020-05-30

Vulnerability identifier: #VU17760

Vulnerability risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-7221

CWE-ID: CWE-416

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows an adjacent attacker to cause a DoS condition or execute arbitrary code.

The weakness exists due to a use-after-free error when using the emulated VMX preemption timer. An adjacent attacker can cause the service to crash or execute arbitrary code with elevated privileges.

Mitigation
The vulnerability has been addressed in versions 4.9.156, 4.14.99, 4.19.21, 4.20.8.

Vulnerable software versions

Linux kernel: 4.9 - 4.9.155, 4.14.0 - 4.14.98, 4.19 - 4.19.20, 4.20 - 4.20.7, 4.4 - 4.4.174


External links
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
http://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
http://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
http://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
http://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.175


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

