#VU90235 Use-after-free in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90235

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52510

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ca8210_register_ext_clock() and ca8210_unregister_ext_clock() functions in drivers/net/ieee802154/ca8210.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add
http://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d
http://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc
http://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f
http://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e
http://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66
http://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640
http://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

