#VU98880 Use-after-free in Linux kernel - CVE-2024-49983
Vulnerability identifier: #VU98880
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_ext_replay_update_ex() function in fs/ext4/extents.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/8c26d9e53e5fbacda0732a577e97c5a5b7882aaf
https://git.kernel.org/stable/c/a34bed978364114390162c27e50fca50791c568d
https://git.kernel.org/stable/c/6367d3f04c69e2b8770b8137bd800e0784b0abbc
https://git.kernel.org/stable/c/1b558006d98b7b0b730027be0ee98973dd10ee0d
https://git.kernel.org/stable/c/3ff710662e8d86a63a39b334e9ca0cb10e5c14b0
https://git.kernel.org/stable/c/63adc9016917e6970fb0104ee5fd6770f02b2d80
https://git.kernel.org/stable/c/5c0f4cc84d3a601c99bc5e6e6eb1cbda542cce95
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
