#VU90119 Use-after-free in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90119

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47334

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ibmasm_init_one() function in drivers/misc/ibmasm/module.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069
http://git.kernel.org/stable/c/29ba8e2ba89ee2862a26d91204dd5fe77ceee25a
http://git.kernel.org/stable/c/5b06ca113bf197aab2ab61288f42506e0049fbab
http://git.kernel.org/stable/c/481a76d4749ee3a27f902ba213fdcbb4bb39720e
http://git.kernel.org/stable/c/38660031e80eaa6cc9370b031c180612f414b00d
http://git.kernel.org/stable/c/b9c87ce3bc6331f82811a8cf8e930423c22523a3
http://git.kernel.org/stable/c/ef1067d2baa847d53c9988510d99fb494de4d12c
http://git.kernel.org/stable/c/a7268e8a227d5a4f0bd1584f556246b0224ab274
http://git.kernel.org/stable/c/7272b591c4cb9327c43443f67b8fbae7657dd9ae


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

