#VU94937 Use-after-free in Linux kernel - CVE-2024-42104
Published: July 31, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU94937
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-42104
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_check_page() and nilfs_error() functions in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/c33c2b0d92aa1c2262d999b2598ad6fbd53bd479
- https://git.kernel.org/stable/c/07c176e7acc5579c133bb923ab21316d192d0a95
- https://git.kernel.org/stable/c/2f2fa9cf7c3537958a82fbe8c8595a5eb0861ad7
- https://git.kernel.org/stable/c/b11e8fb93ea5eefb2e4e719497ea177a58ff6131
- https://git.kernel.org/stable/c/1b7d549ed2c1fa202c751b69423a0d3a6bd5a180
- https://git.kernel.org/stable/c/3ab40870edb883b9633dc5cd55f5a2a11afa618d
- https://git.kernel.org/stable/c/265fff1a01cdc083aeaf0d934c929db5cc64aebf
- https://git.kernel.org/stable/c/bb76c6c274683c8570ad788f79d4b875bde0e458
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.318
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.280
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.39