Gửi #22410: Kernel: use-after-free in route4_change() in net/sched/cls_route.cthông tin

tiêu đềKernel: use-after-free in route4_change() in net/sched/cls_route.c
Mô tảA flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. This flaw is rated as having Moderate impact (Red Hat Enterprise Linux 7 and lower) because of the need to have CAP_NET_ADMIN privileges and that Red Hat Enterprise Linux 7 disabled unprivileged user/network namespaces by default. This flaw is rated as having Important impact (Red Hat Enterprise Linux 8) because Red Hat Enterprise Linux 8 enabled unprivileged user/network namespaces by default which can be used to gain CAP_NET_ADMIN privileges in corresponding user namespace even for otherwise unprivileged local user and thus exercise this vulnerability. CVE-2021-3715 / CWE-416
Nguồn⚠️ https://access.redhat.com/security/cve/CVE-2021-3715
Người dùng
 misc (UID 3)
Đệ trình18/10/2021 08:34 (cách đây 5 những năm)
Kiểm duyệt18/10/2021 08:38 (4 minutes later)
Trạng tháiđược chấp nhận
Mục VulDB184524 [Linux Kernel Traffic Control Networking Subsystem net/sched/cls_route.c route4_change tràn bộ đệm]
điểm20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!