#VU102907 Use-after-free in Linux kernel - CVE-2024-57887


Vulnerability identifier: #VU102907

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57887

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the adv7533_parse_dt() function in drivers/gpu/drm/bridge/adv7511/adv7533.c, within the adv7511_probe(), i2c_unregister_device() and adv7511_remove() functions in drivers/gpu/drm/bridge/adv7511/adv7511_drv.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/1f49aaf55652580ae63ab83d67211fe6a55d83dc
https://git.kernel.org/stable/c/81adbd3ff21c1182e06aa02c6be0bfd9ea02d8e8
https://git.kernel.org/stable/c/ca9d077350fa21897de8bf64cba23b198740aab5

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-raspi
Ubuntu update for linux
Ubuntu update for linux-lowlatency
Ubuntu update for linux-lowlatency-hwe-6.11
Ubuntu update for linux-oem-6.11
SUSE update for the Linux Kernel
openEuler 20.03 LTS SP4 update for kernel
openEuler 22.03 LTS SP3 update for kernel
openEuler 22.03 LTS SP4 update for kernel
SUSE update for the Linux Kernel