#VU55260 Use-after-free in Linux kernel


Published: 2021-07-22

Vulnerability identifier: #VU55260

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-20934

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux fair scheduler within the show_numa_stats() function, caused by improperly freed NUMA fault statistics. A local user can trigger a use-after-free error and escalate privileges on the system.


Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://bugs.chromium.org/p/project-zero/issues/detail?id=1913
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16d51a590a8ce3befb1308e0e7ab77f3b661af33

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Juniper Networks Session Smart Router
Red Hat Enterprise Linux 7 update for kernel
CentOS 7 update for kernel
Red Hat Enterprise Linux 7 update for kernel-rt
Red Hat Enterprise Linux 7 update for kernel
Privilege escalation in Linux kernel on NUMA systems