CVE-2020-0030

Опубликовано: 03 фев. 2020

Источник: redhat

CVSS3: 7

Описание

In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145286050References: Upstream kernel

A race condition leading to a use-after-free memory flaw was found in the Linux kernel. This could lead to a local escalation of privileges with no additional execution privileges required. For this particular vulnerability, no user interaction is needed. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-362->CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1829841kernel: use after free due to a race condition in binder driver leads to local privilege escalation

7 High

CVSS3