Use-after-free in Linux kernel mellanox mlxsw driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-35854 |
| CWE-ID | CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use-after-free
EUVDB-ID: #VU90162
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_vregion_rehash() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/e118e7ea24d1392878ef85926627c6bc640c4388
http://git.kernel.org/stable/c/a429a912d6c779807f4d72a6cc0a1efaaa3613e1
http://git.kernel.org/stable/c/4c89642ca47fb620914780c7c51d8d1248201121
http://git.kernel.org/stable/c/813e2ab753a8f8c243a39ede20c2e0adc15f3887
http://git.kernel.org/stable/c/311eeaa7b9e26aba5b3d57b09859f07d8e9fc049
http://git.kernel.org/stable/c/a02687044e124f8ccb427cd3632124a4e1a7d7c1
http://git.kernel.org/stable/c/54225988889931467a9b55fdbef534079b665519
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
