#VU90217 Use-after-free in Linux kernel
Vulnerability identifier: #VU90217
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/f0ecdfa679189d26aedfe24212d4e69e42c2c861
http://git.kernel.org/stable/c/f8cbd1791900b5d96466eede8e9439a5b9ca4de7
http://git.kernel.org/stable/c/2e534fd15e5c2ca15821c897352cf0e8a3e30dca
http://git.kernel.org/stable/c/a576308800be28f2eaa099e7caad093b97d66e77
http://git.kernel.org/stable/c/3963f16cc7643b461271989b712329520374ad2a
http://git.kernel.org/stable/c/ba6b8b02a3314e62571a540efa96560888c5f03e
http://git.kernel.org/stable/c/5013bd54d283eda5262c9ae3bcc966d01daf8576
http://git.kernel.org/stable/c/136cfaca22567a03bbb3bf53a43d8cb5748b80ec
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
