#VU90168 Use-after-free in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90168

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27396

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gtp_dellink() function in drivers/net/gtp.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58
http://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7
http://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd
http://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07
http://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29
http://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6
http://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474
http://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

