#VU98899 Use-after-free in Linux kernel
Vulnerability identifier: #VU98899
Vulnerability risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6
http://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e
http://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548
http://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7
http://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58
http://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04
http://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
