Описание
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.
A possible memory corruption due to a type confusion was found in the Linux kernel in the sk_clone_lock() function in the net/core/sock.c. The possibility of local escalation of privileges cannot be fully ruled out for a local unprivileged attacker.
Меры по смягчению последствий
The currently known attack vector uses IPv6 for exploitation. If IPv6 is not needed on the host, disabling it mitigates this attack vector. Please see https://access.redhat.com/solutions/8709 for instructions on how to disable IPv6 in Red Hat Enterprise Linux.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2019:2736 | 12.09.2019 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | kernel | Fixed | RHSA-2019:4056 | 03.12.2019 |
| Red Hat Enterprise Linux 6.6 Advanced Update Support | kernel | Fixed | RHSA-2019:4255 | 17.12.2019 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2019:0514 | 13.03.2019 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2019:0512 | 13.03.2019 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | kernel | Fixed | RHSA-2019:4164 | 10.12.2019 |
Показывать по
Дополнительная информация
Статус:
7 High
CVSS3
Связанные уязвимости
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.
In sk_clone_lock of sock.c, there is a possible memory corruption due ...
Security update for the Linux Kernel (Live Patch 38 for SLE 12)
Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP1)
7 High
CVSS3