#VU91602 Buffer overflow in Linux kernel
Vulnerability identifier: #VU91602
Vulnerability risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/d0e214acc59145ce25113f617311aa79dda39cb3
http://git.kernel.org/stable/c/21e5fa4688e1a4d3db6b72216231b24232f75c1d
http://git.kernel.org/stable/c/15641007df0f0d35fa28742b25c2a7db9dcd6895
http://git.kernel.org/stable/c/ca1f06e72dec41ae4f76e7b1a8a97265447b46ae
http://git.kernel.org/stable/c/f06899582ccee09bd85d0696290e3eaca9aa042d
http://git.kernel.org/stable/c/7070b274c7866a4c5036f8d54fcaf315c64ac33a
http://git.kernel.org/stable/c/43f798b9036491fb014b55dd61c4c5c3193267d0
http://git.kernel.org/stable/c/0971126c8164abe2004b8536b49690a0d6005b0a
http://git.kernel.org/stable/c/7a4b21250bf79eef26543d35bd390448646c536b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
