CVE-2017-15126
kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().
Se ha encontrado un fallo de uso de memoria previamente liberada en fs/userfaultfd.c en el kernel de Linux en versiones anteriores a la 4.13.6. El problema se relaciona con la gestión del error de bifurcación al gestionar mensajes de evento. El error al bifurcar correctamente puede llevar a una situación en la que un evento fork se eliminará de una lista ya liberada de eventos con userfaultfd_ctx_put().
A flaw was found in the Linux kernel's handling of fork failure when dealing with event messages in the userfaultfd code. Failure to fork correctly can create a fork event that will be removed from an already freed list of events.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-10-08 CVE Reserved
- 2018-01-14 CVE Published
- 2023-09-03 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-416: Use After Free
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/102516 | Third Party Advisory | |
https://github.com/torvalds/linux/commit/384632e67e0829deb8015ee6ad916b180049d252 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.11 < 4.13.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 4.13.6" | - |
Affected
|