A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 3.6 (including) | 4.4.267 (excluding) |
Linux_kernel | Linux | 4.5 (including) | 4.9.267 (excluding) |
Linux_kernel | Linux | 4.10 (including) | 4.14.231 (excluding) |
Linux_kernel | Linux | 4.15 (including) | 4.19.187 (excluding) |
Linux_kernel | Linux | 4.20 (including) | 5.4.112 (excluding) |
Linux_kernel | Linux | 5.5 (including) | 5.10.30 (excluding) |
Linux_kernel | Linux | 5.11 (including) | 5.11.14 (excluding) |
Linux | Ubuntu | bionic | * |
Linux | Ubuntu | esm-infra-legacy/trusty | * |
Linux | Ubuntu | esm-infra/xenial | * |
Linux | Ubuntu | focal | * |
Linux | Ubuntu | groovy | * |
Linux | Ubuntu | hirsute | * |
Linux | Ubuntu | precise/esm | * |
Linux | Ubuntu | trusty | * |
Linux | Ubuntu | trusty/esm | * |
Linux | Ubuntu | upstream | * |
Linux | Ubuntu | xenial | * |
Linux-allwinner | Ubuntu | upstream | * |
Linux-allwinner-5.19 | Ubuntu | upstream | * |
Linux-aws | Ubuntu | bionic | * |
Linux-aws | Ubuntu | esm-infra/xenial | * |
Linux-aws | Ubuntu | focal | * |
Linux-aws | Ubuntu | groovy | * |
Linux-aws | Ubuntu | hirsute | * |
Linux-aws | Ubuntu | trusty | * |
Linux-aws | Ubuntu | trusty/esm | * |
Linux-aws | Ubuntu | upstream | * |
Linux-aws | Ubuntu | xenial | * |
Linux-aws-5.0 | Ubuntu | bionic | * |
Linux-aws-5.0 | Ubuntu | esm-infra/bionic | * |
Linux-aws-5.0 | Ubuntu | upstream | * |
Linux-aws-5.11 | Ubuntu | upstream | * |
Linux-aws-5.13 | Ubuntu | upstream | * |
Linux-aws-5.15 | Ubuntu | upstream | * |
Linux-aws-5.19 | Ubuntu | upstream | * |
Linux-aws-5.3 | Ubuntu | bionic | * |
Linux-aws-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-aws-5.3 | Ubuntu | upstream | * |
Linux-aws-5.4 | Ubuntu | bionic | * |
Linux-aws-5.4 | Ubuntu | upstream | * |
Linux-aws-5.8 | Ubuntu | focal | * |
Linux-aws-5.8 | Ubuntu | upstream | * |
Linux-aws-6.2 | Ubuntu | upstream | * |
Linux-aws-6.5 | Ubuntu | upstream | * |
Linux-aws-6.8 | Ubuntu | upstream | * |
Linux-aws-fips | Ubuntu | fips-updates/bionic | * |
Linux-aws-fips | Ubuntu | fips-updates/focal | * |
Linux-aws-fips | Ubuntu | fips/bionic | * |
Linux-aws-fips | Ubuntu | fips/focal | * |
Linux-aws-fips | Ubuntu | trusty | * |
Linux-aws-fips | Ubuntu | upstream | * |
Linux-aws-fips | Ubuntu | xenial | * |
Linux-aws-hwe | Ubuntu | esm-infra/xenial | * |
Linux-aws-hwe | Ubuntu | upstream | * |
Linux-aws-hwe | Ubuntu | xenial | * |
Linux-azure | Ubuntu | bionic | * |
Linux-azure | Ubuntu | esm-infra/bionic | * |
Linux-azure | Ubuntu | esm-infra/xenial | * |
Linux-azure | Ubuntu | focal | * |
Linux-azure | Ubuntu | groovy | * |
Linux-azure | Ubuntu | hirsute | * |
Linux-azure | Ubuntu | trusty | * |
Linux-azure | Ubuntu | trusty/esm | * |
Linux-azure | Ubuntu | upstream | * |
Linux-azure | Ubuntu | xenial | * |
Linux-azure-4.15 | Ubuntu | bionic | * |
Linux-azure-4.15 | Ubuntu | upstream | * |
Linux-azure-5.11 | Ubuntu | upstream | * |
Linux-azure-5.13 | Ubuntu | upstream | * |
Linux-azure-5.15 | Ubuntu | upstream | * |
Linux-azure-5.19 | Ubuntu | upstream | * |
Linux-azure-5.3 | Ubuntu | bionic | * |
Linux-azure-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-azure-5.3 | Ubuntu | upstream | * |
Linux-azure-5.4 | Ubuntu | bionic | * |
Linux-azure-5.4 | Ubuntu | upstream | * |
Linux-azure-5.8 | Ubuntu | focal | * |
Linux-azure-5.8 | Ubuntu | upstream | * |
Linux-azure-6.2 | Ubuntu | upstream | * |
Linux-azure-6.5 | Ubuntu | upstream | * |
Linux-azure-6.8 | Ubuntu | upstream | * |
Linux-azure-edge | Ubuntu | bionic | * |
Linux-azure-edge | Ubuntu | esm-infra/bionic | * |
Linux-azure-edge | Ubuntu | upstream | * |
Linux-azure-fde | Ubuntu | focal | * |
Linux-azure-fde | Ubuntu | upstream | * |
Linux-azure-fde-5.15 | Ubuntu | upstream | * |
Linux-azure-fde-5.19 | Ubuntu | upstream | * |
Linux-azure-fde-6.2 | Ubuntu | upstream | * |
Linux-azure-fips | Ubuntu | fips-updates/bionic | * |
Linux-azure-fips | Ubuntu | fips-updates/focal | * |
Linux-azure-fips | Ubuntu | fips/bionic | * |
Linux-azure-fips | Ubuntu | fips/focal | * |
Linux-azure-fips | Ubuntu | trusty | * |
Linux-azure-fips | Ubuntu | upstream | * |
Linux-azure-fips | Ubuntu | xenial | * |
Linux-bluefield | Ubuntu | focal | * |
Linux-bluefield | Ubuntu | upstream | * |
Linux-dell300x | Ubuntu | bionic | * |
Linux-dell300x | Ubuntu | upstream | * |
Linux-fips | Ubuntu | fips-updates/bionic | * |
Linux-fips | Ubuntu | fips-updates/xenial | * |
Linux-fips | Ubuntu | fips/bionic | * |
Linux-fips | Ubuntu | fips/focal | * |
Linux-fips | Ubuntu | fips/xenial | * |
Linux-fips | Ubuntu | upstream | * |
Linux-gcp | Ubuntu | bionic | * |
Linux-gcp | Ubuntu | esm-infra/bionic | * |
Linux-gcp | Ubuntu | esm-infra/xenial | * |
Linux-gcp | Ubuntu | focal | * |
Linux-gcp | Ubuntu | groovy | * |
Linux-gcp | Ubuntu | hirsute | * |
Linux-gcp | Ubuntu | upstream | * |
Linux-gcp | Ubuntu | xenial | * |
Linux-gcp-4.15 | Ubuntu | bionic | * |
Linux-gcp-4.15 | Ubuntu | upstream | * |
Linux-gcp-5.11 | Ubuntu | upstream | * |
Linux-gcp-5.13 | Ubuntu | upstream | * |
Linux-gcp-5.15 | Ubuntu | upstream | * |
Linux-gcp-5.19 | Ubuntu | upstream | * |
Linux-gcp-5.3 | Ubuntu | bionic | * |
Linux-gcp-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-gcp-5.3 | Ubuntu | upstream | * |
Linux-gcp-5.4 | Ubuntu | bionic | * |
Linux-gcp-5.4 | Ubuntu | upstream | * |
Linux-gcp-5.8 | Ubuntu | focal | * |
Linux-gcp-5.8 | Ubuntu | upstream | * |
Linux-gcp-6.2 | Ubuntu | upstream | * |
Linux-gcp-6.5 | Ubuntu | upstream | * |
Linux-gcp-6.8 | Ubuntu | upstream | * |
Linux-gcp-edge | Ubuntu | bionic | * |
Linux-gcp-edge | Ubuntu | esm-infra/bionic | * |
Linux-gcp-edge | Ubuntu | upstream | * |
Linux-gcp-fips | Ubuntu | fips-updates/focal | * |
Linux-gcp-fips | Ubuntu | fips/bionic | * |
Linux-gcp-fips | Ubuntu | fips/focal | * |
Linux-gcp-fips | Ubuntu | trusty | * |
Linux-gcp-fips | Ubuntu | upstream | * |
Linux-gcp-fips | Ubuntu | xenial | * |
Linux-gke | Ubuntu | focal | * |
Linux-gke | Ubuntu | upstream | * |
Linux-gke | Ubuntu | xenial | * |
Linux-gke-4.15 | Ubuntu | bionic | * |
Linux-gke-4.15 | Ubuntu | esm-infra/bionic | * |
Linux-gke-4.15 | Ubuntu | upstream | * |
Linux-gke-5.0 | Ubuntu | bionic | * |
Linux-gke-5.0 | Ubuntu | upstream | * |
Linux-gke-5.15 | Ubuntu | upstream | * |
Linux-gke-5.3 | Ubuntu | bionic | * |
Linux-gke-5.3 | Ubuntu | upstream | * |
Linux-gke-5.4 | Ubuntu | bionic | * |
Linux-gke-5.4 | Ubuntu | upstream | * |
Linux-gkeop | Ubuntu | focal | * |
Linux-gkeop | Ubuntu | upstream | * |
Linux-gkeop-5.15 | Ubuntu | upstream | * |
Linux-gkeop-5.4 | Ubuntu | bionic | * |
Linux-gkeop-5.4 | Ubuntu | upstream | * |
Linux-hwe | Ubuntu | bionic | * |
Linux-hwe | Ubuntu | esm-infra/bionic | * |
Linux-hwe | Ubuntu | esm-infra/xenial | * |
Linux-hwe | Ubuntu | upstream | * |
Linux-hwe | Ubuntu | xenial | * |
Linux-hwe-5.11 | Ubuntu | upstream | * |
Linux-hwe-5.13 | Ubuntu | upstream | * |
Linux-hwe-5.15 | Ubuntu | upstream | * |
Linux-hwe-5.19 | Ubuntu | upstream | * |
Linux-hwe-5.4 | Ubuntu | bionic | * |
Linux-hwe-5.4 | Ubuntu | upstream | * |
Linux-hwe-5.8 | Ubuntu | focal | * |
Linux-hwe-5.8 | Ubuntu | upstream | * |
Linux-hwe-6.2 | Ubuntu | upstream | * |
Linux-hwe-6.5 | Ubuntu | upstream | * |
Linux-hwe-6.8 | Ubuntu | upstream | * |
Linux-hwe-edge | Ubuntu | bionic | * |
Linux-hwe-edge | Ubuntu | esm-infra/bionic | * |
Linux-hwe-edge | Ubuntu | esm-infra/xenial | * |
Linux-hwe-edge | Ubuntu | upstream | * |
Linux-hwe-edge | Ubuntu | xenial | * |
Linux-ibm | Ubuntu | upstream | * |
Linux-ibm-5.15 | Ubuntu | upstream | * |
Linux-ibm-5.4 | Ubuntu | upstream | * |
Linux-intel | Ubuntu | upstream | * |
Linux-intel-5.13 | Ubuntu | upstream | * |
Linux-intel-iot-realtime | Ubuntu | upstream | * |
Linux-intel-iotg | Ubuntu | upstream | * |
Linux-intel-iotg-5.15 | Ubuntu | upstream | * |
Linux-iot | Ubuntu | upstream | * |
Linux-kvm | Ubuntu | bionic | * |
Linux-kvm | Ubuntu | esm-infra/xenial | * |
Linux-kvm | Ubuntu | focal | * |
Linux-kvm | Ubuntu | groovy | * |
Linux-kvm | Ubuntu | hirsute | * |
Linux-kvm | Ubuntu | upstream | * |
Linux-kvm | Ubuntu | xenial | * |
Linux-laptop | Ubuntu | upstream | * |
Linux-lowlatency | Ubuntu | upstream | * |
Linux-lowlatency-hwe-5.15 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-5.19 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-6.2 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-6.5 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-6.8 | Ubuntu | upstream | * |
Linux-lts-trusty | Ubuntu | precise/esm | * |
Linux-lts-trusty | Ubuntu | upstream | * |
Linux-lts-xenial | Ubuntu | trusty | * |
Linux-lts-xenial | Ubuntu | trusty/esm | * |
Linux-lts-xenial | Ubuntu | upstream | * |
Linux-nvidia | Ubuntu | upstream | * |
Linux-nvidia-6.2 | Ubuntu | upstream | * |
Linux-nvidia-6.5 | Ubuntu | upstream | * |
Linux-nvidia-6.8 | Ubuntu | upstream | * |
Linux-nvidia-lowlatency | Ubuntu | upstream | * |
Linux-oem | Ubuntu | bionic | * |
Linux-oem | Ubuntu | esm-infra/bionic | * |
Linux-oem | Ubuntu | upstream | * |
Linux-oem | Ubuntu | xenial | * |
Linux-oem-5.10 | Ubuntu | focal | * |
Linux-oem-5.10 | Ubuntu | upstream | * |
Linux-oem-5.13 | Ubuntu | upstream | * |
Linux-oem-5.14 | Ubuntu | upstream | * |
Linux-oem-5.17 | Ubuntu | upstream | * |
Linux-oem-5.6 | Ubuntu | focal | * |
Linux-oem-5.6 | Ubuntu | upstream | * |
Linux-oem-6.0 | Ubuntu | upstream | * |
Linux-oem-6.1 | Ubuntu | upstream | * |
Linux-oem-6.5 | Ubuntu | upstream | * |
Linux-oem-6.8 | Ubuntu | upstream | * |
Linux-oem-osp1 | Ubuntu | bionic | * |
Linux-oem-osp1 | Ubuntu | upstream | * |
Linux-oracle | Ubuntu | bionic | * |
Linux-oracle | Ubuntu | esm-infra/xenial | * |
Linux-oracle | Ubuntu | focal | * |
Linux-oracle | Ubuntu | groovy | * |
Linux-oracle | Ubuntu | hirsute | * |
Linux-oracle | Ubuntu | upstream | * |
Linux-oracle | Ubuntu | xenial | * |
Linux-oracle-5.0 | Ubuntu | bionic | * |
Linux-oracle-5.0 | Ubuntu | esm-infra/bionic | * |
Linux-oracle-5.0 | Ubuntu | upstream | * |
Linux-oracle-5.11 | Ubuntu | upstream | * |
Linux-oracle-5.13 | Ubuntu | upstream | * |
Linux-oracle-5.15 | Ubuntu | upstream | * |
Linux-oracle-5.3 | Ubuntu | bionic | * |
Linux-oracle-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-oracle-5.3 | Ubuntu | upstream | * |
Linux-oracle-5.4 | Ubuntu | bionic | * |
Linux-oracle-5.4 | Ubuntu | upstream | * |
Linux-oracle-5.8 | Ubuntu | focal | * |
Linux-oracle-5.8 | Ubuntu | upstream | * |
Linux-oracle-6.5 | Ubuntu | upstream | * |
Linux-oracle-6.8 | Ubuntu | upstream | * |
Linux-raspi | Ubuntu | focal | * |
Linux-raspi | Ubuntu | groovy | * |
Linux-raspi | Ubuntu | hirsute | * |
Linux-raspi | Ubuntu | upstream | * |
Linux-raspi-5.4 | Ubuntu | bionic | * |
Linux-raspi-5.4 | Ubuntu | upstream | * |
Linux-raspi-realtime | Ubuntu | upstream | * |
Linux-raspi2 | Ubuntu | bionic | * |
Linux-raspi2 | Ubuntu | focal | * |
Linux-raspi2 | Ubuntu | upstream | * |
Linux-raspi2 | Ubuntu | xenial | * |
Linux-raspi2-5.3 | Ubuntu | bionic | * |
Linux-raspi2-5.3 | Ubuntu | upstream | * |
Linux-realtime | Ubuntu | jammy | * |
Linux-realtime | Ubuntu | upstream | * |
Linux-riscv | Ubuntu | focal | * |
Linux-riscv | Ubuntu | groovy | * |
Linux-riscv | Ubuntu | hirsute | * |
Linux-riscv | Ubuntu | upstream | * |
Linux-riscv-5.11 | Ubuntu | upstream | * |
Linux-riscv-5.15 | Ubuntu | upstream | * |
Linux-riscv-5.19 | Ubuntu | upstream | * |
Linux-riscv-5.8 | Ubuntu | focal | * |
Linux-riscv-5.8 | Ubuntu | upstream | * |
Linux-riscv-6.5 | Ubuntu | upstream | * |
Linux-riscv-6.8 | Ubuntu | upstream | * |
Linux-snapdragon | Ubuntu | bionic | * |
Linux-snapdragon | Ubuntu | upstream | * |
Linux-snapdragon | Ubuntu | xenial | * |
Linux-starfive | Ubuntu | upstream | * |
Linux-starfive-5.19 | Ubuntu | upstream | * |
Linux-starfive-6.2 | Ubuntu | upstream | * |
Linux-starfive-6.5 | Ubuntu | upstream | * |
Linux-xilinx-zynqmp | Ubuntu | upstream | * |
The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw. The simplest way data corruption may occur involves the system’s reuse of the freed memory. Use-after-free errors have two common and sometimes overlapping causes:
In this scenario, the memory in question is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. As the data is changed, it corrupts the validly used memory; this induces undefined behavior in the process. If the newly allocated data happens to hold a class, in C++ for example, various function pointers may be scattered within the heap data. If one of these function pointers is overwritten with an address to valid shellcode, execution of arbitrary code can be achieved.