Описание
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
A vulnerability was found in unix_dgram_recvmsg in net/unix/af_unix.c in the Linux kernel's garbage collection for Unix domain socket file handlers. In this flaw, a missing cleanup may lead to a use-after-free due to a race problem. This flaw allows a local user to crash the system or escalate their privileges on the system.
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 Extended Lifecycle Support | kernel | Fixed | RHSA-2022:1417 | 19.04.2022 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2022:0622 | 22.02.2022 |
| Red Hat Enterprise Linux 7 | kpatch-patch | Fixed | RHSA-2022:0592 | 22.02.2022 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2022:0620 | 22.02.2022 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | kernel | Fixed | RHSA-2022:1106 | 29.03.2022 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | kernel | Fixed | RHSA-2022:1104 | 29.03.2022 |
| Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | kernel | Fixed | RHSA-2022:1107 | 29.03.2022 |
| Red Hat Enterprise Linux 7.6 Telco Extended Update Support | kernel | Fixed | RHSA-2022:1107 | 29.03.2022 |
| Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions | kpatch-patch | Fixed | RHSA-2022:1103 | 29.03.2022 |
Показывать по
Дополнительная информация
Статус:
7.4 High
CVSS3
Связанные уязвимости
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
In unix_scm_to_skb of af_unix.c, there is a possible use after free bu ...
Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP2)
Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3)
7.4 High
CVSS3