Vulnerabilities > CVE-2021-43412 - Use After Free vulnerability in GNU Hurd

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
gnu
CWE-416

Summary

An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.

Vulnerable Configurations

Part Description Count
Application
Gnu
1

Common Weakness Enumeration (CWE)