Vulnerability identifier: #VU94932
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Category: Operating systems & Components / Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jffs2_i_init_once() function in fs/jffs2/super.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/b6c8b3e31eb88c85094d848a0bd8b4bafe67e4d8
https://git.kernel.org/stable/c/0b3246052e01e61a55bb3a15b76acb006759fe67
https://git.kernel.org/stable/c/6d6d94287f6365282bbf41e9a5b5281985970789
https://git.kernel.org/stable/c/5ca26334fc8a3711fed14db7f9eb1c621be4df65
https://git.kernel.org/stable/c/751987a5d8ead0cc405fad96e83ebbaa51c82dbc
https://git.kernel.org/stable/c/d0bbbf31462a400bef4df33e22de91864f475455
https://git.kernel.org/stable/c/05fc1ef892f862c1197b11b288bc00f602d2df0c
https://git.kernel.org/stable/c/af9a8730ddb6a4b2edd779ccc0aceb994d616830
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.