#VU90892 Double free in Linux kernel
Vulnerability identifier: #VU90892
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-415
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the of_unittest_parse_phandle_with_args() and of_unittest_parse_phandle_with_args_map() functions in drivers/of/unittest.c, within the of_parse_phandle_with_args_map() function in drivers/of/base.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889db
http://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2
http://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adea
http://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21
http://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bd
http://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8
http://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54052aff7
http://git.kernel.org/stable/c/4dde83569832f9377362e50f7748463340c5db6b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
