#VU93827 Buffer overflow in Linux kernel
Vulnerability identifier: #VU93827
Vulnerability risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kdb_printf() function in kernel/debug/kdb/kdb_io.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/fb824a99e148ff272a53d71d84122728b5f00992
http://git.kernel.org/stable/c/ddd2972d8e2dee3b33e8121669d55def59f0be8a
http://git.kernel.org/stable/c/cfdc2fa4db57503bc6d3817240547c8ddc55fa96
http://git.kernel.org/stable/c/f636a40834d22e5e3fc748f060211879c056cd33
http://git.kernel.org/stable/c/33d9c814652b971461d1e30bead6792851c209e7
http://git.kernel.org/stable/c/107e825cc448b7834b31e8b1b3cf0f57426d46d5
http://git.kernel.org/stable/c/f694da720dcf795dc3eb97bf76d220213f76aaa7
http://git.kernel.org/stable/c/e9730744bf3af04cda23799029342aa3cddbc454
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
