SB2024032268 - Privilege escalation in Linux kernel pvrusb2
Published: March 22, 2024
Security Bulletin ID
SB2024032268
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2023-52445)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in pvrusb2. A local user can execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/ec36c134dd020d28e312c2f1766f85525e747aab
- https://git.kernel.org/stable/c/47aa8fcd5e8b5563af4042a00f25ba89bef8f33d
- https://git.kernel.org/stable/c/3233d8bf7893550045682192cb227af7fa3defeb
- https://git.kernel.org/stable/c/ec3634ebe23fc3c44ebc67c6d25917300bc68c08
- https://git.kernel.org/stable/c/30773ea47d41773f9611ffb4ebc9bda9d19a9e7e
- https://git.kernel.org/stable/c/2cf0005d315549b8d2b940ff96a66c2a889aa795
- https://git.kernel.org/stable/c/437b5f57732bb4cc32cc9f8895d2010ee9ff521c
- https://git.kernel.org/stable/c/ded85b0c0edd8f45fec88783d7555a5b982449c1