Use-after-free in Linux kernel mm
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-53097 |
| CWE-ID | CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use-after-free
EUVDB-ID: #VU100937
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53097
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __do_krealloc() function in mm/slab_common.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttp://git.kernel.org/stable/c/3dfb40da84f26dd35dd9bbaf626a2424565b8406
http://git.kernel.org/stable/c/486aeb5f1855c75dd810c25036134961bd2a6722
http://git.kernel.org/stable/c/704573851b51808b45dae2d62059d1d8189138a2
http://git.kernel.org/stable/c/71548fada7ee0eb50cc6ccda82dff010c745f92c
http://git.kernel.org/stable/c/8ebee7565effdeae6085458f8f8463363120a871
http://git.kernel.org/stable/c/d02492863023431c31f85d570f718433c22b9311
http://git.kernel.org/stable/c/d43f1430d47c22a0727c05b6f156ed25fecdfeb4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
