Vulnerability identifier: #VU64861
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID:
Exploitation vector: Local
Exploit availability:
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath9k_htc_wait_for_target() function in the Linux kernel’s Atheros wireless adapter driver. A local user can execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel:
Fixed software versions
CPE
External links
http://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
http://security.netapp.com/advisory/ntap-20220629-0007/
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?