#VU90238 Use-after-free in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90238

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52566

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c, which a local user can use to escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/fb1084e63ee56958b0a56e17a50a4fd86445b9c1
http://git.kernel.org/stable/c/bb61224f6abc8e71bfdf06d7c984e23460875f5b
http://git.kernel.org/stable/c/193b5a1c6c67c36b430989dc063fe7ea4e200a33
http://git.kernel.org/stable/c/7130a87ca32396eb9bf48b71a2d42259ae44c6c7
http://git.kernel.org/stable/c/3936e8714907cd55e37c7cc50e50229e4a9042e8
http://git.kernel.org/stable/c/980663f1d189eedafd18d80053d9cf3e2ceb5c8c
http://git.kernel.org/stable/c/28df4646ad8b433340772edc90ca709cdefc53e2
http://git.kernel.org/stable/c/7ee29facd8a9c5a26079148e36bcf07141b3a6bc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

