PT-2015-3594 · Linux+3 · Linux Kernel+3
Sasha Levin
·
Publicado
2015-12-15
·
Atualizado
2018-08-13
·
CVE-2013-7446
CVSS v2.0
5.4
Média
| Vetor | AV:L/AC:M/Au:N/C:N/I:P/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.3.3
Description
The issue is related to a use-after-free vulnerability in the Linux kernel, specifically in the net/unix/af unix.c file. This vulnerability allows local users to bypass intended AF UNIX socket permissions or cause a denial of service, resulting in a system panic. The exploitation of this issue can be achieved via crafted epoll ctl calls.
Recommendations
For Linux kernel versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the AF UNIX socket to minimize the risk of exploitation.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Alt Linux
Linux Kernel
Suse
Ubuntu