#VU102049 Use-after-free in Linux kernel - CVE-2024-53194

Vulnerability identifier: #VU102049

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53194

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pci_slot_release(), pci_bus_get() and make_slot_name() functions in drivers/pci/slot.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/20502f0b3f3acd6bee300257556c27a867f80c8b
https://git.kernel.org/stable/c/41bbb1eb996be1435815aa1fbcc9ffc45b84cc12
https://git.kernel.org/stable/c/50473dd3b2a08601a078f852ea05572de9b1f86c
https://git.kernel.org/stable/c/69d2ceac11acf8579d58d55c9c5b65fb658f916e
https://git.kernel.org/stable/c/c7acef99642b763ba585f4a43af999fcdbcc3dc4
https://git.kernel.org/stable/c/c8266ab8e7ccd1d1f5a9c8b29eb2020175048134
https://git.kernel.org/stable/c/d0ddd2c92b75a19a37c887154223372b600fed37
https://git.kernel.org/stable/c/da6e6ff1f6c57f16e07af955e0e997fc90dd1e75
https://git.kernel.org/stable/c/e5d5c04aac71bf1476dc44b56f2206a4c2facca8

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.