#VU95503 Use-after-free in Linux kernel - CVE-2024-42232
Vulnerability identifier: #VU95503
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/1177afeca833174ba83504688eec898c6214f4bf
https://git.kernel.org/stable/c/63e5d035e3a7ab7412a008f202633c5e6a0a28ea
https://git.kernel.org/stable/c/34b76d1922e41da1fa73d43b764cddd82ac9733c
https://git.kernel.org/stable/c/20cf67dcb7db842f941eff1af6ee5e9dc41796d7
https://git.kernel.org/stable/c/2d33654d40a05afd91ab24c9a73ab512a0670a9a
https://git.kernel.org/stable/c/9525af1f58f67df387768770fcf6d6a8f23aee3d
https://git.kernel.org/stable/c/33d38c5da17f8db2d80e811b7829d2822c10625e
https://git.kernel.org/stable/c/69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
