#VU90138 Use-after-free in Linux kernel
Vulnerability identifier: #VU90138
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the blk_trace_remove_queue() function in kernel/trace/blktrace.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/488da313edf3abea7f7733efe011c96b23740ab5
http://git.kernel.org/stable/c/dacfd5e4d1142bfb3809aab3634a375f6f373269
http://git.kernel.org/stable/c/d56171d9360c0170c5c5f8f7e2362a2e999eca40
http://git.kernel.org/stable/c/677e362ba807f3aafe6f405c07e0b37244da5222
http://git.kernel.org/stable/c/ebb8d26d93c3ec3c7576c52a8373a2309423c069
http://git.kernel.org/stable/c/3815fe7371d2411ce164281cef40d9fc7b323dee
http://git.kernel.org/stable/c/a5f8e86192612d0183047448d8bbe7918b3f1a26
http://git.kernel.org/stable/c/5afedf670caf30a2b5a52da96eb7eac7dee6a9c9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
