#VU90215 Use-after-free in Linux kernel
Vulnerability identifier: #VU90215
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa
http://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d
http://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6
http://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee
http://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197
http://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44
http://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b
http://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
