Linux Kernel privilege escalation |
NAME
Linux Kernel privilege escalation
- Platforms Affected:
Linux Kernel 5.14
Linux Kernel 5.15
Linux Kernel 5.16 - Risk Level:
8.8 - Exploitability:
Unproven - Consequences:
Gain Privileges
DESCRIPTION
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in the handling of credentials in io_uring. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of the kernel.
CVSS 3.0 Information
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Access Vector: Local
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://www.zerodayinitiative.com/advisories/ZDI-22-362/ - Reference Link:
https://github.com/torvalds/linux/commit/a30f895ad3239f45012e860d4f94c1a388b36d14
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
