CVE-2017-15126
14.01.2018, 06:29
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().Enginsight
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 4.11 ≤ 𝑥 < 4.13.6 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||
| linux-armadaxp |
| ||||||||
| linux-aws |
| ||||||||
| linux-azure |
| ||||||||
| linux-euclid |
| ||||||||
| linux-flo |
| ||||||||
| linux-gcp |
| ||||||||
| linux-gke |
| ||||||||
| linux-goldfish |
| ||||||||
| linux-grouper |
| ||||||||
| linux-hwe |
| ||||||||
| linux-hwe-edge |
| ||||||||
| linux-kvm |
| ||||||||
| linux-linaro-omap |
| ||||||||
| linux-linaro-shared |
| ||||||||
| linux-linaro-vexpress |
| ||||||||
| linux-lts-quantal |
| ||||||||
| linux-lts-raring |
| ||||||||
| linux-lts-saucy |
| ||||||||
| linux-lts-trusty |
| ||||||||
| linux-lts-utopic |
| ||||||||
| linux-lts-vivid |
| ||||||||
| linux-lts-wily |
| ||||||||
| linux-lts-xenial |
| ||||||||
| linux-maguro |
| ||||||||
| linux-mako |
| ||||||||
| linux-manta |
| ||||||||
| linux-oem |
| ||||||||
| linux-qcm-msm |
| ||||||||
| linux-raspi2 |
| ||||||||
| linux-snapdragon |
| ||||||||
| linux-ti-omap4 |
|
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-416 - Use After FreeReferencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
References