Use-after-free in Linux kernel block
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-57875 |
| CWE-ID | CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use-after-free
EUVDB-ID: #VU102913
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57875
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the disk_zone_is_conv(), disk_destroy_zone_wplugs_hash_table(), disk_free_zone_resources(), disk_update_zone_resources() and blk_revalidate_disk_zones() functions in block/blk-zoned.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 6.12 - 6.12.4
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:6.12:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.12.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.12.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.12.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.12.4:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/493326c4f10cc71a42c27fdc97ce112182ee4cbc
https://git.kernel.org/stable/c/d7cb6d7414ea1b33536fa6d11805cb8dceec1f97
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.5
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
