#VU91054 Use-after-free in Linux kernel
Vulnerability identifier: #VU91054
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bttv_remove() function in drivers/media/pci/bt8xx/bttv-driver.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9
http://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a
http://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b
http://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574
http://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226
http://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267
http://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132
http://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
