#VU102069 Use-after-free in Linux kernel - CVE-2024-53237
Published: December 30, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU102069
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-53237
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __match_tty() and hci_conn_del_sysfs() functions in net/bluetooth/hci_sysfs.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/0f67ca2a80acf8b207240405b7f72d660665d3df
- https://git.kernel.org/stable/c/27aabf27fd014ae037cc179c61b0bee7cff55b3d
- https://git.kernel.org/stable/c/7b277bd569bb6a2777f0014f84b4344f444fd49d
- https://git.kernel.org/stable/c/91e2a2e4d1336333804cd31162984f01ad8cc70f
- https://git.kernel.org/stable/c/a9584c897d1cba6265c78010bbb45ca5722c88bc
- https://git.kernel.org/stable/c/de5a44f351ca7efd9add9851b218f5353e2224b7
- https://git.kernel.org/stable/c/fb91ce37dc9a37ea23cf32b6d7b667004e93d4c5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.231