#VU90262 Use-after-free in Linux kernel
Vulnerability identifier: #VU90262
Vulnerability risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vgic_its_check_cache() and vgic_its_inject_cached_translation() functions in virt/kvm/arm/vgic/vgic-its.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88
http://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703
http://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4
http://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6
http://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1
http://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80
http://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
