SB2024042241 - Privilege escalation in Linux kernel ACPI

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2021-46966)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cm_write() function in drivers/acpi/custom_method.c. A local user can trigger a use-after-free error and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3bf7e394
• https://git.kernel.org/stable/c/8b04d57f30caf76649d0567551589af9a66ca9be
• https://git.kernel.org/stable/c/90575d1d9311b753cf1718f4ce9061ddda7dfd23
• https://git.kernel.org/stable/c/a5b26a2e362f572d87e9fd35435680e557052a17
• https://git.kernel.org/stable/c/72814a94c38a33239793f7622cec6ace1e540c4b
• https://git.kernel.org/stable/c/62dc2440ebb552aa0d7f635e1697e077d9d21203
• https://git.kernel.org/stable/c/f16737caf41fc06cfe6e49048becb09657074d4b
• https://git.kernel.org/stable/c/b7a5baaae212a686ceb812c32fceed79c03c0234
• https://git.kernel.org/stable/c/e483bb9a991bdae29a0caa4b3a6d002c968f94aa
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.233
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.269
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.269
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.36
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.20
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.118