#VU91314 Buffer overflow in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91314

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52612

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can trigger the memory corruption and escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe
http://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76
http://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e
http://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625
http://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5
http://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759
http://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883
http://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
