#VU102059 Use-after-free in Linux kernel - CVE-2024-53171


Vulnerability identifier: #VU102059

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53171

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the get_znodes_to_commit() function in fs/ubifs/tnc_commit.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/01d3a2293d7e4edfff96618c15727db7e51f11b6
https://git.kernel.org/stable/c/2497479aecebe869d23a0064e0fd1a03e34f0e2a
https://git.kernel.org/stable/c/398a91599d263e41c5f95a2fd4ebdb6280b5c6c3
https://git.kernel.org/stable/c/4617fb8fc15effe8eda4dd898d4e33eb537a7140
https://git.kernel.org/stable/c/4d9807048b851d7a58d5bd089c16254af896e4df
https://git.kernel.org/stable/c/74981f7577d183acad1cd58f74c10d263711a215
https://git.kernel.org/stable/c/8d8b3f5f4cbfbf6cb0ea4a4d5dc296872b4151eb
https://git.kernel.org/stable/c/daac4aa1825de0dbc1a6eede2fa7f9fc53f14223


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

