#VU92314 Use-after-free in Linux kernel - CVE-2024-38612


Vulnerability identifier: #VU92314

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38612

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the error path of seg6_init() in net/ipv6/seg6.c. The cleanup code there is guarded with IS_ENABLED() (a preprocessor macro, not a function), and under some kernel configurations a failed initialisation returns without unregistering the generic netlink family it had already registered, leaving a stale registration that refers to freed memory. A local user can use this to escalate privileges on the system.
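The following C model is an added example, not kernel source and not code from the linked commits. It reproduces the shape of a config-gated init/unwind chain such as seg6_init() has, with constructed stand-in registries and an assumed configuration (HMAC on, LWTUNNEL off), to show how a failed sub-initialiser can leave the generic netlink family registered in one build of the "before" code while the "after" form unregisters it on every error path. All names (register_pernet, CONFIG_SEG6_HMAC, unwind_residue and so on) are simplified stand-ins chosen for the example.

```c
/* Added example, not kernel code: a simplified model of the init/unwind
 * pattern in net/ipv6/seg6.c behind CVE-2024-38612. Sub-initialisers are
 * gated by config macros; the error path is a goto chain that must undo
 * exactly what was registered. Assumed: a constructed configuration (HMAC
 * on, LWTUNNEL off) and registries modelled as plain flags. */
#include <errno.h>

#define CONFIG_SEG6_HMAC 1          /* CONFIG_SEG6_LWTUNNEL left undefined */

int pernet_registered, genl_registered;   /* 1 while registered */
int hmac_should_fail;                     /* fault injection for hmac_init() */

int  register_pernet(void)        { pernet_registered = 1; return 0; }
void unregister_pernet(void)      { pernet_registered = 0; }
int  genl_register_family(void)   { genl_registered = 1; return 0; }
void genl_unregister_family(void) { genl_registered = 0; }
int  lwtunnel_init(void)          { return 0; }
void lwtunnel_exit(void)          { }
int  hmac_init(void)              { return hmac_should_fail ? -ENOMEM : 0; }

/* Before the fix: genl_unregister_family() is compiled in only when LWTUNNEL
 * is on, so with LWTUNNEL off a failing hmac_init() falls through from
 * out_unregister_iptun to out_unregister_pernet and the family stays
 * registered, pointing at handlers of code whose init was torn down. */
int seg6_init_before(void)
{
	int err = register_pernet();
	if (err) goto out;
	err = genl_register_family();
	if (err) goto out_unregister_pernet;
#ifdef CONFIG_SEG6_LWTUNNEL
	err = lwtunnel_init(); if (err) goto out_unregister_genl;
#endif
#ifdef CONFIG_SEG6_HMAC
	err = hmac_init(); if (err) goto out_unregister_iptun;
#endif
out:
	return err;
#ifdef CONFIG_SEG6_HMAC
out_unregister_iptun:
#ifdef CONFIG_SEG6_LWTUNNEL
	lwtunnel_exit();
#endif
#endif
#ifdef CONFIG_SEG6_LWTUNNEL
out_unregister_genl:
	genl_unregister_family();   /* not in this build: the bug */
#endif
out_unregister_pernet:
	unregister_pernet();
	goto out;
}

/* After the fix: unregister whenever either sub-feature registered the
 * family. The upstream patch writes the condition with IS_ENABLED();
 * defined() is used here so the file stands alone. */
int seg6_init_after(void)
{
	int err = register_pernet();
	if (err) goto out;
	err = genl_register_family();
	if (err) goto out_unregister_pernet;
#ifdef CONFIG_SEG6_LWTUNNEL
	err = lwtunnel_init(); if (err) goto out_unregister_genl;
#endif
#ifdef CONFIG_SEG6_HMAC
	err = hmac_init(); if (err) goto out_unregister_iptun;
#endif
out:
	return err;
#ifdef CONFIG_SEG6_HMAC
out_unregister_iptun:
#ifdef CONFIG_SEG6_LWTUNNEL
	lwtunnel_exit();
#endif
#endif
#ifdef CONFIG_SEG6_LWTUNNEL
out_unregister_genl:
#endif
#if defined(CONFIG_SEG6_LWTUNNEL) || defined(CONFIG_SEG6_HMAC)
	genl_unregister_family();
#endif
out_unregister_pernet:
	unregister_pernet();
	goto out;
}

/* Force hmac_init() to fail and report what the unwind left behind:
 * bit 0 = init returned an error, bit 1 = genl family still registered,
 * bit 2 = pernet subsystem still registered. */
int unwind_residue(int (*init)(void))
{
	pernet_registered = genl_registered = 0;
	hmac_should_fail = 1;
	return (init() != 0) | (genl_registered << 1) | (pernet_registered << 2);
}
```

With the assumed configuration, unwind_residue(seg6_init_before) reports the error plus a still-registered genl family (3), while unwind_residue(seg6_init_after) reports only the error (1). The general lesson for review is that every label in an unwind chain must be reachable under every combination of the config macros that gate the registrations above it; a stale registration surviving a failed init is exactly the kind of dangling reference that turns into a use-after-free later.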

Mitigation
Install the fixed kernel from the vendor; the stable-branch commits carrying the fix are listed under External links.

Vulnerable software versions

Linux kernel: All versions prior to the fixed stable releases referenced in the external links below


External links
http://git.kernel.org/stable/c/10610575a3ac2a702bf5c57aa931beaf847949c7
http://git.kernel.org/stable/c/646cd236c55e2cb5f146fc41bbe4034c4af5b2a4
http://git.kernel.org/stable/c/00e6335329f23ac6cf3105931691674e28bc598c
http://git.kernel.org/stable/c/1a63730fb315bb1bab97edd69ff58ad45e04bb01
http://git.kernel.org/stable/c/e77a3ec7ada84543e75722a1283785a6544de925
http://git.kernel.org/stable/c/3398a40dccb88d3a7eef378247a023a78472db66
http://git.kernel.org/stable/c/85a70ff1e572160f1eeb096ed48d09a1c9d4d89a
http://git.kernel.org/stable/c/c04d6a914e890ccea4a9d11233009a2ee7978bf4
http://git.kernel.org/stable/c/160e9d2752181fcf18c662e74022d77d3164cd45


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

