Improper privilege management in Linux kernel - CVE-2024-57931
Published: January 21, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU103139
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-57931
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the services_compute_xperms_decision() function in security/selinux/ss/services.c. A local user can read and manipulate data.
How to mitigate CVE-2024-57931
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/712137b177b45f255ce5687e679d950fcb218256
- https://git.kernel.org/stable/c/900f83cf376bdaf798b6f5dcb2eae0c822e908b6
- https://git.kernel.org/stable/c/c1dbd28a079553de0023e1c938c713efeeee400f
- https://git.kernel.org/stable/c/c79324d42fa48372e0acb306a2761cc642bd4db0
- https://git.kernel.org/stable/c/efefe36c03a73bb81c0720ce397659a5051b73fa
- https://git.kernel.org/stable/c/f45a77dd24ae9ddb474303ec3975c376bd99fc51
- https://git.kernel.org/stable/c/f70e4b9ec69d9a74b84c17767a9a4eda8c901021
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.176