#VU98895 Use-after-free in Linux kernel - CVE-2024-47712
Vulnerability identifier: #VU98895
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/557418e1704605a81c9e26732449f71b1d40ba1e
https://git.kernel.org/stable/c/bf090f4fe935294361eabd9dc5a949fdd77d3d1b
https://git.kernel.org/stable/c/b040b71d99ee5e17bb7a743dc01cbfcae8908ce1
https://git.kernel.org/stable/c/84398204c5df5aaf89453056cf0647cda9664d2b
https://git.kernel.org/stable/c/2f944e6255c2fc1c9bd9ee32f6b14ee0b2a51eb5
https://git.kernel.org/stable/c/79510414a7626317f13cc9073244ab7a8deb3192
https://git.kernel.org/stable/c/6d7c6ae1efb1ff68bc01d79d94fdf0388f86cdd8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
