#VU102022 Use-after-free in Linux kernel - CVE-2024-56619
Vulnerability identifier: #VU102022
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_put_page() function in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/09d6d05579fd46e61abf6e457bb100ff11f3a9d3
https://git.kernel.org/stable/c/31f7b57a77d4c82a34ddcb6ff35b5aa577ef153e
https://git.kernel.org/stable/c/48eb6e7404948032bbe811c5affbe39f6b316951
https://git.kernel.org/stable/c/5af8366625182f01f6d8465c9a3210574673af57
https://git.kernel.org/stable/c/985ebec4ab0a28bb5910c3b1481a40fbf7f9e61d
https://git.kernel.org/stable/c/c3afea07477baccdbdec4483f8d5e59d42a3f67f
https://git.kernel.org/stable/c/e3732102a9d638d8627d14fdf7b208462f0520e0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
