Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-46746 |
CWE-ID | CWE-416 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU97494
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46746
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdtp_hid_remove() function in drivers/hid/amd-sfh-hid/amd_sfh_hid.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.15 - 6.10.9
CPE2.3https://git.kernel.org/stable/c/86b4f5cf91ca03c08e3822ac89476a677a780bcc
https://git.kernel.org/stable/c/775125c7fe38533aaa4b20769f5b5e62cc1170a0
https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89
https://git.kernel.org/stable/c/adb3e3c1ddb5a23b8b7122ef1913f528d728937c
https://git.kernel.org/stable/c/97155021ae17b86985121b33cf8098bcde00d497
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.167
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.110
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.51
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.