Vulnerability identifier: #VU8811
Vulnerability risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-122
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.
The weakness exists due to corrupting heap memory because of buffer overruns. An adjacent attacker can gain root privileges.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 4.0 - 4.0.9
External links
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17df6453d4be17910456e9...
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.