SB2024080779 - Use-after-free in Linux kernel ceph
Published: August 7, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024080779
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2024-42232)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1177afeca833174ba83504688eec898c6214f4bf
- https://git.kernel.org/stable/c/63e5d035e3a7ab7412a008f202633c5e6a0a28ea
- https://git.kernel.org/stable/c/34b76d1922e41da1fa73d43b764cddd82ac9733c
- https://git.kernel.org/stable/c/20cf67dcb7db842f941eff1af6ee5e9dc41796d7
- https://git.kernel.org/stable/c/2d33654d40a05afd91ab24c9a73ab512a0670a9a
- https://git.kernel.org/stable/c/9525af1f58f67df387768770fcf6d6a8f23aee3d
- https://git.kernel.org/stable/c/33d38c5da17f8db2d80e811b7829d2822c10625e
- https://git.kernel.org/stable/c/69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.318
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.280
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.100
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.41