#VU91056 Use-after-free in Linux kernel


Published: 2024-06-04

Vulnerability identifier: #VU91056

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52840

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the rmi_unregister_function() function in drivers/input/rmi4/rmi_bus.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/2f236d8638f5b43e0c72919a6a27fe286c32053f
http://git.kernel.org/stable/c/50d12253666195a14c6cd2b81c376e2dbeedbdff
http://git.kernel.org/stable/c/6c71e065befb2fae8f1461559b940c04e1071bd5
http://git.kernel.org/stable/c/303766bb92c5c225cf40f9bbbe7e29749406e2f2
http://git.kernel.org/stable/c/7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f
http://git.kernel.org/stable/c/cc56c4d17721dcb10ad4e9c9266e449be1462683
http://git.kernel.org/stable/c/c8e639f5743cf4b01f8c65e0df075fe4d782b585
http://git.kernel.org/stable/c/eb988e46da2e4eae89f5337e047ce372fe33d5b1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

