#VU90162 Use-after-free in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90162

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35854

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the mlxsw_sp_acl_tcam_vregion_rehash() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c, the ACL TCAM code of the mlxsw driver for Mellanox Spectrum switch ASICs. A local user can escalate privileges on the system. Only hosts that load this driver (systems built around a Spectrum switch ASIC) run the affected code; hosts without it are not exposed. The upstream and stable fix commits are listed under External links.

Mitigation
Install the fixed kernel from the vendor's website or from your distribution's update channel; the fix commits are listed under External links.
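An exposure check a practitioner can run before triaging this bulletin, added here as an example; it is not part of the advisory or of the kernel project. It assumes (not stated on the page) that the affected code ships as the mlxsw_spectrum module, that a built-in copy shows up under /sys/module/mlxsw_spectrum, and that the driver binds Spectrum ASICs over PCI under /sys/bus/pci/drivers/mlxsw_spectrum. The lsmod text embedded in the script is constructed. fix_in_tree takes one of the commit IDs listed under External links and reports whether it is already an ancestor of HEAD in a local kernel checkout; use the ID for the branch your tree follows, since each stable branch carries its own backport.

```shell
#!/bin/sh
# Added exposure check for this advisory; not part of the bulletin or of the
# kernel project. Assumptions (not stated on the page): the affected code is
# built as the mlxsw_spectrum module (or built in, with a directory under
# /sys/module), and it binds Mellanox Spectrum ASICs over PCI under
# /sys/bus/pci/drivers/mlxsw_spectrum. Functions take their input as
# arguments so they can be checked against constructed text offline.

# mlxsw_in_lsmod TEXT: succeed if lsmod-style TEXT lists mlxsw_spectrum.
mlxsw_in_lsmod() {
    printf '%s\n' "$1" | awk '$1 == "mlxsw_spectrum" { found = 1 } END { exit !found }'
}

# mlxsw_driver_present: succeed if the running kernel has the driver loaded,
# built in, or available for loading (modinfo finds the module file).
mlxsw_driver_present() {
    [ -d /sys/module/mlxsw_spectrum ] && return 0
    modinfo -n mlxsw_spectrum >/dev/null 2>&1
}

# bound_mlxsw_devices [DIR]: print the number of PCI devices bound to the
# driver, counted from entries named like 0000:03:00.0 in DIR (the sysfs
# driver directory by default). Prints 0 if DIR does not exist.
bound_mlxsw_devices() {
    dir="${1:-/sys/bus/pci/drivers/mlxsw_spectrum}"
    n=0
    if [ -d "$dir" ]; then
        for entry in "$dir"/*; do
            case "${entry##*/}" in
                [0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]:*) n=$((n + 1)) ;;
            esac
        done
    fi
    echo "$n"
}

# fix_in_tree TREE COMMIT: succeed if COMMIT (one of the IDs under External
# links, chosen for the branch TREE tracks) is an ancestor of TREE's HEAD.
# Needs a local git checkout of the kernel; no network access.
fix_in_tree() {
    git -C "$1" merge-base --is-ancestor "$2" HEAD 2>/dev/null
}

# exposure_report: one-line verdict for the running host.
exposure_report() {
    if mlxsw_driver_present; then
        echo "mlxsw_spectrum present on $(uname -r); $(bound_mlxsw_devices) device(s) bound"
    else
        echo "mlxsw_spectrum not present on $(uname -r); affected code not loaded"
    fi
}

# Constructed lsmod output (not captured from a real host) to show the parser.
SAMPLE_LSMOD='Module                  Size  Used by
mlxsw_spectrum        581632  0
mlxsw_core            204800  1 mlxsw_spectrum
xt_conntrack           16384  2'

if mlxsw_in_lsmod "$SAMPLE_LSMOD"; then
    echo "sample lsmod: mlxsw_spectrum listed"
fi
exposure_report
```

Run it as a script for the live verdict, or source it and call fix_in_tree /path/to/linux <commit-id> against a checkout of the branch you ship.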

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/e118e7ea24d1392878ef85926627c6bc640c4388
http://git.kernel.org/stable/c/a429a912d6c779807f4d72a6cc0a1efaaa3613e1
http://git.kernel.org/stable/c/4c89642ca47fb620914780c7c51d8d1248201121
http://git.kernel.org/stable/c/813e2ab753a8f8c243a39ede20c2e0adc15f3887
http://git.kernel.org/stable/c/311eeaa7b9e26aba5b3d57b09859f07d8e9fc049
http://git.kernel.org/stable/c/a02687044e124f8ccb427cd3632124a4e1a7d7c1
http://git.kernel.org/stable/c/54225988889931467a9b55fdbef534079b665519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally: the attacker must have valid credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.