#VU92790 Use after free in Linux kernel - CVE-2017-16648

Cybersecurity Help s.r.o.

Published: 2017-11-08 | Updated: 2018-10-31

Vulnerability identifier: #VU92790

Vulnerability risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16648

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://www.securityfocus.com/bid/101758
https://access.redhat.com/errata/RHSA-2018:2948
https://groups.google.com/d/msg/syzkaller/0HJQqTm0G_g/T931ItskBAAJ
https://patchwork.kernel.org/patch/10046189/

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 7 update for kernel-alt

Fedora 25 update for kernel

Fedora 26 update for kernel

Fedora 27 update for kernel

Use after free in Linux kernel