SB20240531139 - Use-after-free in Linux kernel can j1939
Published: May 31, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240531139
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2023-52637)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the j1939_sk_match_dst(), j1939_sk_match_filter(), j1939_sk_init() and j1939_sk_setsockopt() functions in net/can/j1939/socket.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/08de58abedf6e69396e1207e4f99ef8904b2b532
- https://git.kernel.org/stable/c/978e50ef8c38dc71bd14d1b0143d554ff5d188ba
- https://git.kernel.org/stable/c/41ccb5bcbf03f02d820bc6ea8390811859f558f8
- https://git.kernel.org/stable/c/4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed
- https://git.kernel.org/stable/c/f84e7534457dcd7835be743517c35378bb4e7c50
- https://git.kernel.org/stable/c/fc74b9cb789cae061bbca7b203a3842e059f6b5d
- https://git.kernel.org/stable/c/efe7cf828039aedb297c1f9920b638fffee6aabc
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.210
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.149
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.269
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.79
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.18
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8