Vulnerability identifier: #VU102909
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57884
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Operating systems & Components / Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zone_reclaimable_pages() function in mm/vmscan.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/1ff2302e8aeac7f2eedb551d7a89617283b5c6b2
https://git.kernel.org/stable/c/58d0d02dbc67438fc80223fdd7bbc49cf0733284
https://git.kernel.org/stable/c/63eac98d6f0898229f515cb62fe4e4db2430e99c
https://git.kernel.org/stable/c/66cd37660ec34ec444fe42f2277330ae4a36bb19
https://git.kernel.org/stable/c/6aaced5abd32e2a57cd94fd64f824514d0361da8
https://git.kernel.org/stable/c/bfb701192129803191c9cd6cdd1f82cd07f8de2c
https://git.kernel.org/stable/c/d675fefbaec3815b3ae0af1bebd97f27df3a05c8
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.