Palo Alto Networks is aware of a use-after-free (UAF) vulnerability in the Linux kernel's sockfs_setattr function. (Ref: PAN-113631 / CVE-2019-8912)
Successful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system.
This issue affects PAN-OS 7.1.23 and earlier, PAN-OS 8.0.17 and earlier, PAN-OS 8.1.8 and earlier, and PAN-OS 9.0.2 and earlier.
| Versions | Affected | Unaffected |
|---|---|---|
| PAN-OS 9.0 | <= 9.0.2 | >= 9.0.3 |
| PAN-OS 8.1 | <= 8.1.8 | >= 8.1.9 |
| PAN-OS 8.0 | <= 8.0.17 | >= 8.0.18 |
| PAN-OS 7.1 | <= 7.1.23 | >= 7.1.24 |
CVSSv3.1 Base Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
This issue is fixed in PAN-OS 7.1.24 and later, PAN-OS 8.0.18 and later, PAN-OS 8.1.9 and later, and PAN-OS 9.0.3 and later.
N/A