#VU88544 Integer overflow in Linux kernel
Vulnerability identifier: #VU88544
Vulnerability risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-190
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751
http://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0
http://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91
http://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad
http://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a
http://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7
http://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a
http://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
