#VU90098 Use-after-free in Linux kernel


Vulnerability identifier: #VU90098

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47301

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the igb_clean_tx_ring() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/d7367f781e5a9ca5df9082b15b272b55e76931f8
http://git.kernel.org/stable/c/d3ccb18ed5ac3283c7b31ecc685b499e580d5492
http://git.kernel.org/stable/c/88e0720133d42d34851c8721cf5f289a50a8710f
http://git.kernel.org/stable/c/f153664d8e70c11d0371341613651e1130e20240
http://git.kernel.org/stable/c/8e24c12f2ff6d32fd9f057382f08e748ec97194c
http://git.kernel.org/stable/c/7b292608db23ccbbfbfa50cdb155d01725d7a52e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

