#VU87986 Use-after-free in Linux kernel


Published: 2024-04-02

Vulnerability identifier: #VU87986

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-25162

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the i2c_put_adapter() function in drivers/i2c/i2c-core-base.c. A local user can trigger a use-after-free error and crash the kernel.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a
http://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829
http://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87
http://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9
http://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7
http://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4
http://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d
http://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

