Vulnerability identifier: #VU93289
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the read_from_oldmem() function in fs/proc/vmcore.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/a9e164bd160be8cbee1df70acb379129e3cd2e7c
http://git.kernel.org/stable/c/33a7d698f30fa0b99d50569e9909d3baa65d8f6a
http://git.kernel.org/stable/c/99d348b82bcb36171f24411d3f1a15706a2a937a
http://git.kernel.org/stable/c/9ef384ed300d1bcfb23d0ab0b487d544444d4b52
http://git.kernel.org/stable/c/fd7974c547abfb03072a4ee706d3a6f182266f89
http://git.kernel.org/stable/c/a8a917058faf4abaec9fb614bb6d5f8fe3529ec6
http://git.kernel.org/stable/c/7b3a34f08d11e7f05cd00b8e09adaa15192f0ad1
http://git.kernel.org/stable/c/c1e63117711977cc4295b2ce73de29dd17066c82
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.