Vulnerability identifier: #VU61258
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID:
Exploitation vector: Local
Exploit availability:
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor:
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing permissions checks within the cgroups (control groups) functionality of Linux Kernel when writing into a file descriptor. A local low privileged process can trick a higher privileged parent process into writing arbitrary data into files, which can result in denial of service or privileges escalation.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://bugzilla.redhat.com/show_bug.cgi?id=2035652
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?