Vulnerability identifier: #VU90163
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_ventry_activity_get() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/1b73f6e4ea770410a937a8db98f77e52594d23a0
http://git.kernel.org/stable/c/e24d2487424779c02760ff50cd9021b8676e19ef
http://git.kernel.org/stable/c/c17976b42d546ee118ca300db559630ee96fb758
http://git.kernel.org/stable/c/b996e8699da810e4c915841d6aaef761007f933a
http://git.kernel.org/stable/c/feabdac2057e863d0e140a2adf3d232eb4882db4
http://git.kernel.org/stable/c/b183b915beef818a25e3154d719ca015a1ae0770
http://git.kernel.org/stable/c/79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.