#VU92300 Use-after-free in Linux kernel
Vulnerability identifier: #VU92300
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igbvf_probe() function in drivers/net/ethernet/intel/igbvf/netdev.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb
http://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49
http://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc
http://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac
http://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a
http://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411
http://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39a163a54
http://git.kernel.org/stable/c/b6d335a60dc624c0d279333b22c737faa765b028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
