#VU90185 Use-after-free in Linux kernel
Published: 2024-05-31

Vulnerability identifier: #VU90185

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26974

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can exploit it to escalate privileges on the system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:
External links
http://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7
http://git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81
http://git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71
http://git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4f
http://git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7
http://git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc
http://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be
http://git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828
http://git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210c
Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.