#VU97493 Use-after-free in Linux kernel


Published: 2024-09-18

Vulnerability identifier: #VU97493

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46745

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b
http://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70
http://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b
http://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d
http://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2
http://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833
http://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7
http://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

