#VU90202 Use-after-free in Linux kernel
Vulnerability identifier: #VU90202
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wilc_netdev_cleanup() function in drivers/net/wireless/microchip/wilc1000/netdev.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/5956f4203b6cdd0755bbdd21b45f3933c7026208
http://git.kernel.org/stable/c/fe20e3d56bc911408fc3c27a17c59e9d7885f7d1
http://git.kernel.org/stable/c/a9545af2a533739ffb64d6c9a6fec6f13e2b505f
http://git.kernel.org/stable/c/3da9d32b7f4a1a9f7e4bb15bb82f2b2dd6719447
http://git.kernel.org/stable/c/24228dcf1d30c2231caa332be7d3090ac59fbfe9
http://git.kernel.org/stable/c/73a2aa0aef86c2c07be5a2f42c9e6047e1a2f7bb
http://git.kernel.org/stable/c/cb5942b77c05d54310a0420cac12935e9b6aa21c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
