Vulnerability identifier: #VU98897
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/e1277ae780cca4e69ef5468d4582dfd48f0b8320
https://git.kernel.org/stable/c/8aa9de02a4be2e7006e636816ce19b0d667ceaa3
https://git.kernel.org/stable/c/ddbdaad123254fb53e32480cb74a486a6868b1e0
https://git.kernel.org/stable/c/7faed2896d78e48ec96229e73b30b0af6c00a9aa
https://git.kernel.org/stable/c/880692ee233ba63808182705b3333403413b58f5
https://git.kernel.org/stable/c/6d130db286ad0ea392c96ebb2551acf0d7308048
https://git.kernel.org/stable/c/18ad4df091dd5d067d2faa8fce1180b79f7041a7
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.