Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-27043 |
CWE-ID | CWE-416 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel: Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU90178
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27043
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856
http://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086
http://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644
http://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e
http://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712
http://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62
http://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f465b07d
http://git.kernel.org/stable/c/b7586e902128e4fb7bfbb661cb52e4215a65637b
http://git.kernel.org/stable/c/8c64f4cdf4e6cc5682c52523713af8c39c94e6d5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.