#VU102015 Use-after-free in Linux kernel - CVE-2024-56601
Vulnerability identifier: #VU102015
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the htons() function in net/ipv4/af_inet.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/25447c6aaa7235f155292b0c58a067347e8ae891
https://git.kernel.org/stable/c/2bc34d8c8898ae9fddf4612501aabb22d76c2b2c
https://git.kernel.org/stable/c/3e8258070b0f2aba66b3ef18883de229674fb288
https://git.kernel.org/stable/c/691d6d816f93b2a1008c14178399061466e674ef
https://git.kernel.org/stable/c/9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff
https://git.kernel.org/stable/c/b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b
https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
