Vulnerability CVE-2017-7874


Published: 2017-04-15

Description:
udevd in udev 232, when the Linux kernel 4.8.0 is used, does not properly verify the source of a Netlink message, which allows local users to execute arbitrary commands by leveraging access to the NETLINK_KOBJECT_UEVENT family, and the presence of the /lib/udev/rules.d/50-udev-default.rules file, to provide a crafted REMOVE_CMD value.

See advisories in our WLB2 database:
Topic: Linux Kernel 4.8.0 udev 232 Privilege Escalation (Med.)
Author: Nassim Asrir
Date: 15.04.2017

Type: CWE-264 (Permissions, Privileges, and Access Controls)

References:
https://packetstormsecurity.com/files/142152/Linux-Kernel-4.8.0-udev-232-Privilege-Escalation.html

Copyright 2024, cxsecurity.com

 
