#VU97491 Use-after-free in Linux kernel


Published: 2024-09-18

Vulnerability identifier: #VU97491

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46738

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73
http://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1
http://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e
http://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d
http://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce
http://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96
http://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49
http://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

