Vulnerability identifier: #VU92299
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Operating systems & Components / Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the resp_mode_select() function in drivers/scsi/scsi_debug.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/adcecd50da6cab7b4957cba0606771dcc846c5a9
http://git.kernel.org/stable/c/90491283b4064220682e4b0687d07b05df01e3bf
http://git.kernel.org/stable/c/04181973c38f3d6a353f9246dcf7fee08024fd9e
http://git.kernel.org/stable/c/b847ecff850719c46c95acd25a0d555dfd16e10d
http://git.kernel.org/stable/c/a9078e791426c2cbbdf28a320c3670f6e0a611e6
http://git.kernel.org/stable/c/dfc3fff63793c571147930b13c0f8c689c4281ac
http://git.kernel.org/stable/c/e0a2c28da11e2c2b963fc01d50acbf03045ac732
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.