Vulnerability identifier: #VU90162
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_vregion_rehash() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/e118e7ea24d1392878ef85926627c6bc640c4388
http://git.kernel.org/stable/c/a429a912d6c779807f4d72a6cc0a1efaaa3613e1
http://git.kernel.org/stable/c/4c89642ca47fb620914780c7c51d8d1248201121
http://git.kernel.org/stable/c/813e2ab753a8f8c243a39ede20c2e0adc15f3887
http://git.kernel.org/stable/c/311eeaa7b9e26aba5b3d57b09859f07d8e9fc049
http://git.kernel.org/stable/c/a02687044e124f8ccb427cd3632124a4e1a7d7c1
http://git.kernel.org/stable/c/54225988889931467a9b55fdbef534079b665519
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.