#VU102013 Use-after-free in Linux kernel - CVE-2024-56693


Vulnerability identifier: #VU102013

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56693

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __setup(), brd_alloc(), brd_cleanup() and brd_init() functions in drivers/block/brd.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/259bf925583ec9e3781df778cadf00594095090d
https://git.kernel.org/stable/c/410896624db639500f24f46478b4bfa05c76bf56
https://git.kernel.org/stable/c/41219c147df8bbd6591f59af5d695fb6c9a1cbff
https://git.kernel.org/stable/c/63dfd728b30f79495dacc886127695a379805152
https://git.kernel.org/stable/c/826cc42adf44930a633d11a5993676d85ddb0842
https://git.kernel.org/stable/c/c0c2744cd2939ec5999c51dbaf2af16886548b7b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

