#VU91473 Race condition in Linux kernel
Vulnerability identifier: #VU91473
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-362
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/94cb17e5cf3a3c484063abc0ce4b8a2b2e8c1cb2
http://git.kernel.org/stable/c/766c2627acb2d9d1722cce2e24837044d52d888a
http://git.kernel.org/stable/c/772f18ded0e240cc1fa2b7020cc640e3e5c32b70
http://git.kernel.org/stable/c/29d2550d79a8cbd31e0fbaa5c0e2a2efdc444e44
http://git.kernel.org/stable/c/dc29dd00705a62c77de75b6d752259b869aac49d
http://git.kernel.org/stable/c/ad6759e233db6fcc131055f8e23b4eafbe81053c
http://git.kernel.org/stable/c/4fedae8f9eafa2ac8cdaca58e315f52a7e2a8701
http://git.kernel.org/stable/c/50e60de381c342008c0956fd762e1c26408f372c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
