#VU88104 Use-after-free in Linux kernel
Vulnerability identifier: #VU88104
Vulnerability risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in fs/jfs/jfs_mount.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35
http://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f
http://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8
http://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61
http://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce
http://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e
http://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e
http://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
