Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-9422

Опубликовано: 09 фев. 2016
Источник: redhat
CVSS3: 2.5

Описание

In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel.

Non-optimized code for key handling of shared futexes was found in the Linux kernel in the form of unbounded contention time due to the page lock for real-time users. Before the fix, the page lock was an unnecessarily heavy lock for the futex path that protected too much. After the fix, the page lock is only required in a specific corner case.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Дефект:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=1604217kernel: Elevation of Privilege in futex

2.5 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-9422

CVSS3: 7.8
ubuntu
больше 6 лет назад

In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel.

nvd логотип

CVE-2018-9422

CVSS3: 7.8
nvd
больше 6 лет назад

In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel.

debian логотип

CVE-2018-9422

CVSS3: 7.8
debian
больше 6 лет назад

In get_futex_key of futex.c, there is a use-after-free due to improper ...

github логотип

GHSA-7jfq-4vfx-p3rg

CVSS3: 7.8
github
около 3 лет назад

In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel.

oracle-oval логотип

ELSA-2022-9852

oracle-oval
больше 2 лет назад

ELSA-2022-9852: Unbreakable Enterprise kernel security update (IMPORTANT)

2.5 Low

CVSS3