Use-after-free in Linux kernel ipv6
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-26735 |
| CWE-ID | CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use-after-free
EUVDB-ID: #VU90215
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa
http://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d
http://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6
http://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee
http://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197
http://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44
http://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b
http://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
