Use-after-free in Linux kernel

#VU98598 Use-after-free in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-10-15

Vulnerability identifier: #VU98598

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47674

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
http://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2
http://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80
http://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3
http://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 24.03 LTS update for kernel

SUSE update for the Linux Kernel

Use-after-free in Linux kernel mm