A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel prior to 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel 4.15 |
||
linux linux kernel |
||
fedoraproject fedora 27 |
||
canonical ubuntu linux 17.10 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 16.04 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux for scientific computing 7.0 |
||
redhat enterprise linux 7.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux for real time 7.0 |
||
redhat enterprise linux for real time for nfv 7 |
||
redhat enterprise linux for power big endian 7.0 |
||
redhat enterprise linux for ibm z systems 7.0 |
||
redhat enterprise linux server aus 7.4 |
||
redhat enterprise linux server tus 7.4 |
||
redhat enterprise linux eus 7.4 |
||
redhat enterprise linux server tus 7.6 |
||
redhat enterprise linux eus 7.6 |
||
redhat enterprise linux server tus 7.7 |
||
redhat enterprise linux eus 7.7 |
||
redhat enterprise linux server update services for sap solutions 7.4 |
||
redhat enterprise linux compute node eus 7.4 |
||
redhat enterprise linux for power little endian eus 7.4 |
||
redhat enterprise linux for ibm z systems eus 7.4 |
||
redhat enterprise linux for power big endian eus 7.4 |