Use-after-free vulnerability in Linux kernel before 4.13.6 allows removal of fork event from freed list

Use-after-free vulnerability in Linux kernel before 4.13.6 allows removal of fork event from freed list

CVE-2017-15126 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.