#VU92311 Use-after-free in Linux kernel - CVE-2024-38583
Vulnerability identifier: #VU92311
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/822ae5a8eac30478578a75f7e064f0584931bf2d
http://git.kernel.org/stable/c/82933c84f188dcfe89eb26b0b48ab5d1ca99d164
http://git.kernel.org/stable/c/67fa90d4a2ccd9ebb0e1e168c7d0b5d0cf3c7148
http://git.kernel.org/stable/c/e65ccf3a4de4f0c763d94789615b83e11f204438
http://git.kernel.org/stable/c/86a30d6302deddb9fb97ba6fc4b04d0e870b582a
http://git.kernel.org/stable/c/f9186bba4ea282b07293c1c892441df3a5441cb0
http://git.kernel.org/stable/c/2f12b2c03c5dae1a0de0a9e5853177e3d6eee3c6
http://git.kernel.org/stable/c/68e738be5c518fc3c4e9146b66f67c8fee0135fb
http://git.kernel.org/stable/c/f5d4e04634c9cf68bdf23de08ada0bb92e8befe7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
