Use-after-free in Linux kernel

1) Use-after-free

EUVDB-ID: #VU90084

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52879

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the apply_event_filter() function in kernel/trace/trace_events_filter.c, within the remove_subsystem(), event_enable_read(), event_enable_write(), event_filter_read() and trace_create_new_event() functions in kernel/trace/trace_events.c, within the register_event_command() function in kernel/trace/trace.h, within the tracing_open_file_tr() and tracing_release_file_tr() functions in kernel/trace/trace.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e
http://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f
http://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0
http://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976
http://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706
http://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d
http://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.