#VU100937 Use-after-free in Linux kernel - CVE-2024-53097
Published: November 26, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU100937
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-53097
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __do_krealloc() function in mm/slab_common.c.
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/3dfb40da84f26dd35dd9bbaf626a2424565b8406
- https://git.kernel.org/stable/c/486aeb5f1855c75dd810c25036134961bd2a6722
- https://git.kernel.org/stable/c/704573851b51808b45dae2d62059d1d8189138a2
- https://git.kernel.org/stable/c/71548fada7ee0eb50cc6ccda82dff010c745f92c
- https://git.kernel.org/stable/c/8ebee7565effdeae6085458f8f8463363120a871
- https://git.kernel.org/stable/c/d02492863023431c31f85d570f718433c22b9311
- https://git.kernel.org/stable/c/d43f1430d47c22a0727c05b6f156ed25fecdfeb4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.173