#VU91481 Race condition in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91481

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26685

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nilfs_segctor_prepare_write(), nilfs_abort_logs() and nilfs_segctor_complete_write() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/c4a09fdac625e64abe478dcf88bfa20406616928
http://git.kernel.org/stable/c/d31c8721e816eff5ca6573cc487754f357c093cd
http://git.kernel.org/stable/c/f3e4963566f58726d3265a727116a42b591f6596
http://git.kernel.org/stable/c/8fa90634ec3e9cc50f42dd605eec60f2d146ced8
http://git.kernel.org/stable/c/6589f0f72f8edd1fa11adce4eedbd3615f2e78ab
http://git.kernel.org/stable/c/2c3bdba00283a6c7a5b19481a59a730f46063803
http://git.kernel.org/stable/c/626daab3811b772086aef1bf8eed3ffe6f523eff
http://git.kernel.org/stable/c/5bc09b397cbf1221f8a8aacb1152650c9195b02b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

