SB2024073115 - Use-after-free in Linux kernel jffs2
Published: July 31, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024073115
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2024-42115)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jffs2_i_init_once() function in fs/jffs2/super.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/b6c8b3e31eb88c85094d848a0bd8b4bafe67e4d8
- https://git.kernel.org/stable/c/0b3246052e01e61a55bb3a15b76acb006759fe67
- https://git.kernel.org/stable/c/6d6d94287f6365282bbf41e9a5b5281985970789
- https://git.kernel.org/stable/c/5ca26334fc8a3711fed14db7f9eb1c621be4df65
- https://git.kernel.org/stable/c/751987a5d8ead0cc405fad96e83ebbaa51c82dbc
- https://git.kernel.org/stable/c/d0bbbf31462a400bef4df33e22de91864f475455
- https://git.kernel.org/stable/c/05fc1ef892f862c1197b11b288bc00f602d2df0c
- https://git.kernel.org/stable/c/af9a8730ddb6a4b2edd779ccc0aceb994d616830
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.318
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.280
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.39