Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-47334 |
CWE-ID | CWE-416 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU90119
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47334
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmasm_init_one() function in drivers/misc/ibmasm/module.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069
http://git.kernel.org/stable/c/29ba8e2ba89ee2862a26d91204dd5fe77ceee25a
http://git.kernel.org/stable/c/5b06ca113bf197aab2ab61288f42506e0049fbab
http://git.kernel.org/stable/c/481a76d4749ee3a27f902ba213fdcbb4bb39720e
http://git.kernel.org/stable/c/38660031e80eaa6cc9370b031c180612f414b00d
http://git.kernel.org/stable/c/b9c87ce3bc6331f82811a8cf8e930423c22523a3
http://git.kernel.org/stable/c/ef1067d2baa847d53c9988510d99fb494de4d12c
http://git.kernel.org/stable/c/a7268e8a227d5a4f0bd1584f556246b0224ab274
http://git.kernel.org/stable/c/7272b591c4cb9327c43443f67b8fbae7657dd9ae
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.