#VU102904 Use-after-free in Linux kernel - CVE-2024-57896

Vulnerability identifier: #VU102904

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57896

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software: Linux kernel

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can trigger the use-after-free and escalate privileges on the system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/1ea629e7bb2fb40555e5e01a1b5095df31287017
https://git.kernel.org/stable/c/35916b2f96505a18dc7242a115611b718d9de725
https://git.kernel.org/stable/c/63f4b594a688bf922e8691f0784679aa7af7988c
https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808
https://git.kernel.org/stable/c/d77a3a99b53d12c061c007cdc96df38825dee476
https://git.kernel.org/stable/c/f10bef73fb355e3fc85e63a50386798be68ff486

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
