#VU102042 Use-after-free in Linux kernel - CVE-2024-56558
Vulnerability identifier: #VU102042
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the e_show() function in fs/nfsd/export.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/1cecfdbc6bfc89c516d286884c7f29267b95de2b
https://git.kernel.org/stable/c/6cefcadd34e3c71c81ea64b899a0daa86314a51a
https://git.kernel.org/stable/c/7365d1f8de63cffdbbaa2287ce0205438e1a922f
https://git.kernel.org/stable/c/7d8f7816bebcd2e7400bb4d786eccb8f33c9f9ec
https://git.kernel.org/stable/c/7fd29d284b55c2274f7a748e6c5f25b4758b8da5
https://git.kernel.org/stable/c/be8f982c369c965faffa198b46060f8853e0f1f0
https://git.kernel.org/stable/c/e2fa0d0e327279a8defb87b263cd0bf288fd9261
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
