Time-of-check Time-of-use (TOCTOU) Affecting perf package, versions <0:3.10.0-1062.el7
Threat Intelligence
EPSS
0.04% (6th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-PERF-2138358
- published 26 Jul 2021
- disclosed 14 Sep 2018
Introduced: 14 Sep 2018
CVE-2018-9517 Open this link in a new tabHow to fix?
Upgrade Centos:7 perf to version 0:3.10.0-1062.el7 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream perf package and not the perf package as distributed by Centos.
See How to fix? for Centos:7 relevant fixed versions and status.
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.