Use-after-free in Linux kernel ipv6 ila
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-46782 |
| CWE-ID | CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use-after-free
EUVDB-ID: #VU97496
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46782
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ila_xlat_init_net() and ila_xlat_exit_net() functions in net/ipv6/ila/ila_xlat.c, within the ila_pre_exit_net() and ila_exit_net() functions in net/ipv6/ila/ila_main.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3http://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf
http://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc
http://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6
http://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673
http://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c
http://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2
http://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4
http://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
