1 min read
The use-after-free issue was found in the networking subsystem’s sockfs code and could lead to arbitrary code execution as a result.
KASAN (along with the other sanitizers) have already proven quite valuable in spotting various coding mistakes hopefully before they are exploited in the real-world. The Kernel Address Sanitizer picked up another feather in its hat with being responsible for the CVE-2019-8912 discovery.
The CVSS v3.0 Severity and Metrics gave this vulnerability a 9.8 CRITICAL score.
A fix for this vulnerability is already released and will come to all Linux distributions in a couple of days, and will probably be backported to any supported Linux kernel versions.
According to a user on Hacker News, “there may not actually be a proof-of-concept exploit yet, beyond a reproducer causing a KASAN splat. When people request a CVE for a use-after-free bug they usually just assume that code execution may be possible.”
To know more about this vulnerability, visit the NVD website.