Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-26872 |
CWE-ID | CWE-416 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU90199
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26872
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srpt_add_one() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/bdd895e0190c464f54f84579e7535d80276f0fc5
http://git.kernel.org/stable/c/6413e78086caf7bf15639923740da0d91fdfd090
http://git.kernel.org/stable/c/e362d007294955a4fb929e1c8978154a64efdcb6
http://git.kernel.org/stable/c/85570b91e4820a0db9d9432098778cafafa7d217
http://git.kernel.org/stable/c/7104a00fa37ae898a827381f1161fa3286c8b346
http://git.kernel.org/stable/c/ec77fa12da41260c6bf9e060b89234b980c5130f
http://git.kernel.org/stable/c/c21a8870c98611e8f892511825c9607f1e2cd456
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.