Vulnerability identifier: #VU88105
Vulnerability risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41
http://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017
http://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e
http://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98
http://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641
http://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b
http://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe
http://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of any malware exploiting this vulnerability.