#VU87573 Use-after-free in Linux kernel


Published: 2024-03-15

Vulnerability identifier: #VU87573

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52439

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uio_open() function in drivers/uio/uio.c. A local user can trigger the use-after-free and execute arbitrary code with elevated privileges.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/3174e0f7de1ba392dc191625da83df02d695b60c
http://git.kernel.org/stable/c/e93da893d52d82d57fc0db2ca566024e0f26ff50
http://git.kernel.org/stable/c/5e0be1229ae199ebb90b33102f74a0f22d152570
http://git.kernel.org/stable/c/5cf604ee538ed0c467abe3b4cda5308a6398f0f7
http://git.kernel.org/stable/c/17a8519cb359c3b483fb5c7367efa9a8a508bdea
http://git.kernel.org/stable/c/35f102607054faafe78d2a6994b18d5d9d6e92ad
http://git.kernel.org/stable/c/913205930da6213305616ac539447702eaa85e41
http://git.kernel.org/stable/c/0c9ae0b8605078eafc3bea053cc78791e97ba2e2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

