#VU94947 Use-after-free in Linux kernel
Vulnerability identifier: #VU94947
Vulnerability risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the posix_lock_inode() function in fs/locks.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197
http://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b
http://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967
http://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0
http://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a
http://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2
http://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
