Vulnerability identifier: #VU90145
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the check_kprobe_address_safe() function in kernel/kprobes.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/b5808d40093403334d939e2c3c417144d12a6f33
http://git.kernel.org/stable/c/93eb31e7c3399e326259f2caa17be1e821f5a412
http://git.kernel.org/stable/c/5062d1f4f07facbdade0f402d9a04a788f52e26d
http://git.kernel.org/stable/c/2df2dd27066cdba8041e46a64362325626bdfb2e
http://git.kernel.org/stable/c/62029bc9ff2c17a4e3a2478d83418ec575413808
http://git.kernel.org/stable/c/d15023fb407337028a654237d8968fefdcf87c2f
http://git.kernel.org/stable/c/36b57c7d2f8b7de224980f1a284432846ad71ca0
http://git.kernel.org/stable/c/325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.