Vulnerability identifier: #VU102903
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX() and ila_add_mapping() functions in net/ipv6/ila/ila_xlat.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/1638f430f8900f2375f5de45508fbe553997e190
https://git.kernel.org/stable/c/17e8fa894345e8d2c7a7642482267b275c3d4553
https://git.kernel.org/stable/c/260466b576bca0081a7d4acecc8e93687aa22d0e
https://git.kernel.org/stable/c/3d1b63cf468e446b9feaf4e4e73182b9cc82f460
https://git.kernel.org/stable/c/ad0677c37c14fa28913daea92d139644d7acf04e
https://git.kernel.org/stable/c/d3017895e393536b234cf80a83fc463c08a28137
https://git.kernel.org/stable/c/eba25e21dce7ec70e2b3f121b2f3a25a4ec43eca
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.