#VU98869 Use-after-free in Linux kernel - CVE-2024-49903
Vulnerability identifier: #VU98869
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/fd026b6b6758d5569705c02540b40f3bbf822b9a
https://git.kernel.org/stable/c/e7ae14f7ee76c6ef5a48aebab1a278ad78f42619
https://git.kernel.org/stable/c/0c238da83f56bb895cab1e5851d034ac45b158d1
https://git.kernel.org/stable/c/4218b31ecc7af7e191768d32e32ed4386d8f9b76
https://git.kernel.org/stable/c/a9603a6f75df2fd8125cd208c98cfaa0fe3f7505
https://git.kernel.org/stable/c/95accb7183badca387f7a8d19a2475cf3089f148
https://git.kernel.org/stable/c/d6c1b3599b2feb5c7291f5ac3a36e5fa7cedb234
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
