#VU99094 Buffer overflow in Linux kernel
Vulnerability identifier: #VU99094
Vulnerability risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the udf_truncate_tail_extent() function in fs/udf/truncate.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c
http://git.kernel.org/stable/c/7665857f88557c372da35534165721156756f77f
http://git.kernel.org/stable/c/72f651c96c8aadf087fd782d551bf7db648a8c2e
http://git.kernel.org/stable/c/4d835efd561dfb9bf5409f11f4ecd428d5d29226
http://git.kernel.org/stable/c/1a075f4a549481ce6e8518d8379f193ccec6b746
http://git.kernel.org/stable/c/63dbbd8f1499b0a161e701a04aa50148d60bd1f7
http://git.kernel.org/stable/c/ae56d9a017724f130cf1a263dd82a78d2a6e3852
http://git.kernel.org/stable/c/12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf
http://git.kernel.org/stable/c/cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
