Main Vulnerability Database SB2018090305

SB2018090305 - Privilege escalation in Linux Kernel

Published: September 3, 2018

Security Bulletin ID SB2018090305

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free error (CVE-ID: CVE-2018-14619)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the crypto subsystem of the Linux Kerneldue to incorrect reference to the null skcipher held by each transformation object (TFM), improperly placed when each af_alg_ctx is freed from an affected device. A local attacker can use a custom program, cause the null skcipher to be freed while it is still in use and gain elevated privileges on an affected device.

Remediation

Install update from vendor's website.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14619
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b32a7dc8aef1882fbf983e...