Linux Kernel atalk_proc_exit Function Use-After-Free Vulnerability

By GIXnews


A vulnerability in the Linux Kernel could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to a use-after-free condition that exists in the atalk_proc_exit function of the affected software. The vulnerability is related to the net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c source code files. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could allow the attacker to execute arbitrary code or cause a DoS condition.

Kernel.org has confirmed the vulnerability and released software updates.

Security Impact Rating: Critical

CVE: CVE-2019-15292

Source: Cisco Multivendor Vulnerability Alerts