First published: Fri Feb 15 2019(Updated: )
In the Linux kernel af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free (UAF) in sockfs_setattr. A local attacker can use this flaw to escalate privileges and take control of the system. Other vendors have considered this a 'network' accessible attack, this claim is unsubstantiated at this time. Note: The attack vector that allowed the use-after-free mentioned in the original report is not introduced in the Red Hat Enterprise Linux 7, 6 and 5 versions of the kernel. References: <a href="http://patchwork.ozlabs.org/patch/1042902/">http://patchwork.ozlabs.org/patch/1042902/</a> An upstream patch: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9060cb719e61b685ec0102574e10337fa5f445ea">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9060cb719e61b685ec0102574e10337fa5f445ea</a>
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-alt | <0:4.14.0-115.17.1.el7a | 0:4.14.0-115.17.1.el7a |
Linux Linux kernel | >=4.10<4.14.103 | |
Linux Linux kernel | >=4.19<4.19.25 | |
Linux Linux kernel | >=4.20<4.20.12 | |
Linux Linux kernel | =5.0-rc1 | |
Linux Linux kernel | =5.0-rc2 | |
Linux Linux kernel | =5.0-rc3 | |
Linux Linux kernel | =5.0-rc4 | |
Linux Linux kernel | =5.0-rc5 | |
Linux Linux kernel | =5.0-rc6 | |
Linux Linux kernel | =5.0-rc7 | |
Linux Linux kernel | =5.0-rc8 | |
Redhat Enterprise Linux | =7.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
openSUSE Leap | =15.0 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.