#VU102917 Use-after-free in Linux kernel - CVE-2024-50051
Vulnerability identifier: #VU102917
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mpc52xx_spi_remove() function in drivers/spi/spi-mpc52xx.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/373d55a47dc662e5e30d12ad5d334312f757c1f1
https://git.kernel.org/stable/c/90b72189de2cddacb26250579da0510b29a8b82b
https://git.kernel.org/stable/c/984836621aad98802d92c4a3047114cf518074c8
https://git.kernel.org/stable/c/cd5106c77d6d6828aa82449f01f4eb436d602a21
https://git.kernel.org/stable/c/d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1
https://git.kernel.org/stable/c/e0c6ce8424095c2da32a063d3fc027494c689817
https://git.kernel.org/stable/c/f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
