#VU41532 Use-after-free in Linux kernel
Vulnerability identifier: #VU41532
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 2.6.0 - 2.6.32.58
External links
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=86acdca1b63e6890540fa19495cfc708beff3d8b
http://linux.oracle.com/errata/ELSA-2014-0771.html
http://linux.oracle.com/errata/ELSA-2014-3043.html
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33
http://secunia.com/advisories/59262
http://secunia.com/advisories/59309
http://secunia.com/advisories/59406
http://secunia.com/advisories/59560
http://www.securityfocus.com/bid/68125
http://bugzilla.redhat.com/show_bug.cgi?id=1094363
http://github.com/torvalds/linux/commit/86acdca1b63e6890540fa19495cfc708beff3d8b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
