SB2024091855 - Use-after-free in Linux kernel ipv6 ila

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2024-46782)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ila_xlat_init_net() and ila_xlat_exit_net() functions in net/ipv6/ila/ila_xlat.c, within the ila_pre_exit_net() and ila_exit_net() functions in net/ipv6/ila/ila_main.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf
• https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc
• https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6
• https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673
• https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c
• https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2
• https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4
• https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.322
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.226
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.167
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.284
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.110
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.51