#VU90209 Use-after-free in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90209

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26801

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the hci_error_reset() function in net/bluetooth/hci_core.c. The function runs as deferred work while a controller hardware error is being handled, and it can continue to operate on an hci_dev object that the reset path has already freed. A local user can abuse this to corrupt kernel memory and escalate privileges on the system.
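The lifetime problem behind this bug, and the shape of the fix, as an added userspace illustration (this is not code from the kernel or from the advisory): a work handler touches a refcounted device after a callback it invoked has dropped the device's last reference, and the hardened version takes its own reference for the duration of the handler. The struct, the hci_dev_hold/hci_dev_put helpers and the gpio_reset_hw_error callback are assumptions modelled on the kernel's naming; freeing is simulated with a flag so the model reports the misuse instead of crashing.

```c
#include <stdio.h>
#include <string.h>

/* Minimal userspace model of a refcounted hci_dev (assumed layout, not the
 * kernel's). Instead of really freeing the object we set a flag, so the
 * model can report a use-after-free rather than crash. */
struct hci_dev {
    int refcnt;
    int freed;                 /* 1 once the last reference was dropped */
    unsigned char hw_error_code;
    char name[8];
};

static void hci_dev_init(struct hci_dev *hdev, const char *name, unsigned char code)
{
    memset(hdev, 0, sizeof(*hdev));
    hdev->refcnt = 1;          /* reference owned by the registered device */
    hdev->hw_error_code = code;
    snprintf(hdev->name, sizeof(hdev->name), "%s", name);
}

static void hci_dev_hold(struct hci_dev *hdev) { hdev->refcnt++; }

static void hci_dev_put(struct hci_dev *hdev)
{
    if (--hdev->refcnt == 0)
        hdev->freed = 1;       /* the kernel would kfree() here */
}

/* Touch the device; returns 1 if this access is a use-after-free. */
static int hci_dev_access(struct hci_dev *hdev, const char *what)
{
    if (hdev->freed) {
        printf("UAF: %s on freed hci_dev\n", what);
        return 1;
    }
    printf("%s: %s ok\n", hdev->name, what);
    return 0;
}

/* Assumed hw_error callback: models a reset path that tears the device
 * down and drops the device's own reference while the error is handled. */
static void gpio_reset_hw_error(struct hci_dev *hdev, unsigned char code)
{
    printf("hw_error 0x%2.2x: resetting controller, dropping device ref\n", code);
    hci_dev_put(hdev);
}

/* Vulnerable shape: the handler keeps using hdev after the callback may
 * have freed it. Returns the number of accesses made to a freed object. */
static int hci_error_reset_vulnerable(struct hci_dev *hdev)
{
    int uaf = 0;
    gpio_reset_hw_error(hdev, hdev->hw_error_code);
    uaf += hci_dev_access(hdev, "hci_dev_do_close");
    uaf += hci_dev_access(hdev, "hci_dev_do_open");
    return uaf;
}

/* Fixed shape: hold a reference for the whole handler so the callback's
 * put cannot be the last one; release it only when the work is done. */
static int hci_error_reset_fixed(struct hci_dev *hdev)
{
    int uaf = 0;
    hci_dev_hold(hdev);
    gpio_reset_hw_error(hdev, hdev->hw_error_code);
    uaf += hci_dev_access(hdev, "hci_dev_do_close");
    uaf += hci_dev_access(hdev, "hci_dev_do_open");
    hci_dev_put(hdev);
    return uaf;
}

/* Run one scenario on a fresh device: returns the UAF count and, via
 * *released, whether the device ended up freed (in the fixed version this
 * happens exactly once, after the handler has finished with it). */
static int run_scenario(int use_fix, int *released)
{
    struct hci_dev dev;
    int uaf;

    hci_dev_init(&dev, "hci0", 0x10);
    uaf = use_fix ? hci_error_reset_fixed(&dev) : hci_error_reset_vulnerable(&dev);
    if (released)
        *released = dev.freed;
    return uaf;
}

int vulnerable_uaf_count(void) { return run_scenario(0, NULL); }
int fixed_uaf_count(void)      { return run_scenario(1, NULL); }
int fixed_device_released(void)
{
    int released = 0;
    run_scenario(1, &released);
    return released;
}

int main(void)
{
    printf("vulnerable: %d use-after-free accesses\n", vulnerable_uaf_count());
    printf("fixed:      %d use-after-free accesses, released=%d\n",
           fixed_uaf_count(), fixed_device_released());
    return 0;
}
```

The point of the model is the ordering: a reference must be taken before any call that can tear the object down, and dropped only after the last use, which is what a "hold at entry, put at exit" pair in the work handler guarantees regardless of what the callback does.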

Mitigation
Install the update from the vendor's website. The stable commits listed under External links carry the upstream fix, which holds a reference on the hci_dev for the duration of hci_error_reset() so the device cannot be freed while the reset work is running. The affected code is only reached on hosts with a registered Bluetooth HCI controller, so disabling or unloading the Bluetooth stack reduces exposure until the patched kernel is installed.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03
http://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090
http://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2
http://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14
http://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1
http://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b
http://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1
http://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally: the attacker must already hold valid credentials and be logged in to the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of any malware exploiting this vulnerability.
