#VU90218 Use-after-free in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90218

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52637

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software: Linux kernel (Operating systems & Components / Operating system)

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the j1939_sk_match_dst(), j1939_sk_match_filter(), j1939_sk_init() and j1939_sk_setsockopt() functions in net/can/j1939/socket.c. A local user can trigger the error to escalate privileges on the system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/08de58abedf6e69396e1207e4f99ef8904b2b532
http://git.kernel.org/stable/c/978e50ef8c38dc71bd14d1b0143d554ff5d188ba
http://git.kernel.org/stable/c/41ccb5bcbf03f02d820bc6ea8390811859f558f8
http://git.kernel.org/stable/c/4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed
http://git.kernel.org/stable/c/f84e7534457dcd7835be743517c35378bb4e7c50
http://git.kernel.org/stable/c/fc74b9cb789cae061bbca7b203a3842e059f6b5d
http://git.kernel.org/stable/c/efe7cf828039aedb297c1f9920b638fffee6aabc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
