#VU90073 Use-after-free in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90073

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52772

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the unix_stream_recv_urg() function in net/unix/af_unix.c, which a local user can trigger to escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/75bcfc188abf4fae9c1d5f5dc0a03540be602eef
http://git.kernel.org/stable/c/d179189eec426fe4801e4b91efa1889faed12700
http://git.kernel.org/stable/c/eae0b295ce16d8c8b4114c3037993191b4bb92f0
http://git.kernel.org/stable/c/069a3ec329ff43e7869a3d94c62cd03203016bce
http://git.kernel.org/stable/c/4b7b492615cf3017190f55444f7016812b66611d


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

