#VU92299 Use-after-free in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92299

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47576

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the resp_mode_select() function in drivers/scsi/scsi_debug.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/adcecd50da6cab7b4957cba0606771dcc846c5a9
http://git.kernel.org/stable/c/90491283b4064220682e4b0687d07b05df01e3bf
http://git.kernel.org/stable/c/04181973c38f3d6a353f9246dcf7fee08024fd9e
http://git.kernel.org/stable/c/b847ecff850719c46c95acd25a0d555dfd16e10d
http://git.kernel.org/stable/c/a9078e791426c2cbbdf28a320c3670f6e0a611e6
http://git.kernel.org/stable/c/dfc3fff63793c571147930b13c0f8c689c4281ac
http://git.kernel.org/stable/c/e0a2c28da11e2c2b963fc01d50acbf03045ac732


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

