#VU102062 Use-after-free in Linux kernel - CVE-2024-53165
Vulnerability identifier: #VU102062
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the register_intc_controller() function in drivers/sh/intc/core.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/3c7c806b3eafd94ae0f77305a174d63b69ec187c
https://git.kernel.org/stable/c/588bdec1ff8b81517dbae0ae51c9df52c0b952d3
https://git.kernel.org/stable/c/63e72e551942642c48456a4134975136cdcb9b3c
https://git.kernel.org/stable/c/6ba6e19912570b2ad68298be0be1dc779014a303
https://git.kernel.org/stable/c/971b4893457788e0e123ea552f0bb126a5300e61
https://git.kernel.org/stable/c/b8b84dcdf3ab1d414304819f824b10efba64132c
https://git.kernel.org/stable/c/c3f4f4547fb291982f5ef56c048277c4d5ccc4e4
https://git.kernel.org/stable/c/c43df7dae28fb9fce96ef088250c1e3c3a77c527
https://git.kernel.org/stable/c/d8de818df12d86a1a26a8efd7b4b3b9c6dc3c5cc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
