#VU70503 Race condition in Linux kernel


Published: 2022-12-27

Vulnerability identifier: #VU70503

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45888

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a race condition within the drivers/char/xillybus/xillyusb.c in Linux kernel. An attacker with physical access to the system can trigger a use-after-free error during physical removal of a USB device and execute arbitrary code.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://lore.kernel.org/all/20221022175404.GA375335@ubuntu/

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
Privilege escalation in Linux kernel xillybus