#VU91484 Race condition in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91484

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52609

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the binder_update_page_range() function in drivers/android/binder_alloc.c. A local user can exploit the race to escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/95b1d336b0642198b56836b89908d07b9a0c9608
http://git.kernel.org/stable/c/252a2a5569eb9f8d16428872cc24dea1ac0bb097
http://git.kernel.org/stable/c/7e7a0d86542b0ea903006d3f42f33c4f7ead6918
http://git.kernel.org/stable/c/98fee5bee97ad47b527a997d5786410430d1f0e9
http://git.kernel.org/stable/c/6696f76c32ff67fec26823fc2df46498e70d9bf3
http://git.kernel.org/stable/c/67f16bf2cc1698fd50e01ee8a2becc5a8e6d3a3e
http://git.kernel.org/stable/c/77d210e8db4d61d43b2d16df66b1ec46fad2ee01
http://git.kernel.org/stable/c/9a9ab0d963621d9d12199df9817e66982582d5a5


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
