#VU95503 Use-after-free in Linux kernel - CVE-2024-42232
Published: August 7, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU95503
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-42232
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/1177afeca833174ba83504688eec898c6214f4bf
- https://git.kernel.org/stable/c/63e5d035e3a7ab7412a008f202633c5e6a0a28ea
- https://git.kernel.org/stable/c/34b76d1922e41da1fa73d43b764cddd82ac9733c
- https://git.kernel.org/stable/c/20cf67dcb7db842f941eff1af6ee5e9dc41796d7
- https://git.kernel.org/stable/c/2d33654d40a05afd91ab24c9a73ab512a0670a9a
- https://git.kernel.org/stable/c/9525af1f58f67df387768770fcf6d6a8f23aee3d
- https://git.kernel.org/stable/c/33d38c5da17f8db2d80e811b7829d2822c10625e
- https://git.kernel.org/stable/c/69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.318
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.280
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.100
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.41