Use-after-free in Linux kernel atm driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-44998 |
| CWE-ID | CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use-after-free
EUVDB-ID: #VU96842
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d
https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1
https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d
https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518
https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55
https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd
https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10
https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
