| Vulnerability Name: | CCN-237855 | ||||||
| Published: | 2022-08-29 | ||||||
| Updated: | 2022-08-29 | ||||||
| Summary: | Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to anon_vma->degree ambiguity leading to double-reuse. By execution a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. | ||||||
| CVSS v3 Severity: | 7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
| ||||||
| CVSS v2 Severity: | 6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: Google Security Research Issue 2351 Issue 2351: Linux >=3.19: anon_vma UAF through bogus merge of VMAs caused by double-reuse of leaf anon_vma because of ->degree misinterpretation Source: XF Type: UNKNOWN linux-kernel-anonvma-code-exec(237855) Source: CCN Type: Linux Kernel GIT Repository mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse Source: CCN Type: Packet Storm Security [10-06-2022] Linux 3.19 anon_vma Use-After-Free | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||