#VU90134 Use-after-free in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90134

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47356

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the HFC_cleanup() function in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe
http://git.kernel.org/stable/c/54ff3202928952a100c477248e65ac6db01258a7
http://git.kernel.org/stable/c/7867ddc5f3de7f289aee63233afc0df4b62834c5
http://git.kernel.org/stable/c/5f2818185da0fe82a932f0856633038b66faf124
http://git.kernel.org/stable/c/3ecd228c636ee17c14662729737fa07242a93cb0
http://git.kernel.org/stable/c/b7ee9ae1e0cf55a037c4a99af2acc5d78cb7802d
http://git.kernel.org/stable/c/61370ff07e0acc657559a8fac02551dfeb9d3020
http://git.kernel.org/stable/c/ed7c3739d0a07e2ec3ccbffe7e93cea01c438cda
http://git.kernel.org/stable/c/009fc857c5f6fda81f2f7dd851b2d54193a8e733


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

