#VU90145 Use-after-free in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90145

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35955

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the check_kprobe_address_safe() function in kernel/kprobes.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/b5808d40093403334d939e2c3c417144d12a6f33
http://git.kernel.org/stable/c/93eb31e7c3399e326259f2caa17be1e821f5a412
http://git.kernel.org/stable/c/5062d1f4f07facbdade0f402d9a04a788f52e26d
http://git.kernel.org/stable/c/2df2dd27066cdba8041e46a64362325626bdfb2e
http://git.kernel.org/stable/c/62029bc9ff2c17a4e3a2478d83418ec575413808
http://git.kernel.org/stable/c/d15023fb407337028a654237d8968fefdcf87c2f
http://git.kernel.org/stable/c/36b57c7d2f8b7de224980f1a284432846ad71ca0
http://git.kernel.org/stable/c/325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

