#VU94937 Use-after-free in Linux kernel - CVE-2024-42104
Vulnerability identifier: #VU94937
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_check_page() and nilfs_error() functions in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/c33c2b0d92aa1c2262d999b2598ad6fbd53bd479
https://git.kernel.org/stable/c/07c176e7acc5579c133bb923ab21316d192d0a95
https://git.kernel.org/stable/c/2f2fa9cf7c3537958a82fbe8c8595a5eb0861ad7
https://git.kernel.org/stable/c/b11e8fb93ea5eefb2e4e719497ea177a58ff6131
https://git.kernel.org/stable/c/1b7d549ed2c1fa202c751b69423a0d3a6bd5a180
https://git.kernel.org/stable/c/3ab40870edb883b9633dc5cd55f5a2a11afa618d
https://git.kernel.org/stable/c/265fff1a01cdc083aeaf0d934c929db5cc64aebf
https://git.kernel.org/stable/c/bb76c6c274683c8570ad788f79d4b875bde0e458
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
