Use-after-free in Linux kernel - CVE-2024-35969
Published: May 31, 2024 / Updated: May 14, 2025
Vulnerability identifier: #VU90143
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-35969
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/b4b3b69a19016d4e7fbdbd1dbcc184915eb862e1
- https://git.kernel.org/stable/c/cca606e14264098cba65efa82790825dbf69e903
- https://git.kernel.org/stable/c/3fb02ec57ead2891a2306af8c51a306bc5945e70
- https://git.kernel.org/stable/c/4b19e9507c275de0cfe61c24db69179dc52cf9fb
- https://git.kernel.org/stable/c/de76ae9ea1a6cf9e77fcec4f2df2904e26c23ceb
- https://git.kernel.org/stable/c/01b11a0566670612bd464a932e5ac2eae53d8652
- https://git.kernel.org/stable/c/6cdb20c342cd0193d3e956e3d83981d0f438bb83
- https://git.kernel.org/stable/c/7633c4da919ad51164acbf1aa322cc1a3ead6129
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.313
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.216
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.156
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.275
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.87
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.7