SB2024071332 - Use-after-free in Linux kernel greybus driver
Published: July 13, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024071332
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2024-39495)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gb_interface_release() function in drivers/greybus/interface.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/74cd0a421896b2e07eafe7da4275302bfecef201
- https://git.kernel.org/stable/c/2b6bb0b4abfd79b8698ee161bb73c0936a2aaf83
- https://git.kernel.org/stable/c/fb071f5c75d4b1c177824de74ee75f9dd34123b9
- https://git.kernel.org/stable/c/9a733d69a4a59c2d08620e6589d823c24be773dc
- https://git.kernel.org/stable/c/0b8fba38bdfb848fac52e71270b2aa3538c996ea
- https://git.kernel.org/stable/c/03ea2b129344152157418929f06726989efc0445
- https://git.kernel.org/stable/c/5c9c5d7f26acc2c669c1dcf57d1bb43ee99220ce
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.95
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.35