SB2025011751 - Use-after-free in Linux kernel mm
Published: January 17, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025011751
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2024-57884)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zone_reclaimable_pages() function in mm/vmscan.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1ff2302e8aeac7f2eedb551d7a89617283b5c6b2
- https://git.kernel.org/stable/c/58d0d02dbc67438fc80223fdd7bbc49cf0733284
- https://git.kernel.org/stable/c/63eac98d6f0898229f515cb62fe4e4db2430e99c
- https://git.kernel.org/stable/c/66cd37660ec34ec444fe42f2277330ae4a36bb19
- https://git.kernel.org/stable/c/6aaced5abd32e2a57cd94fd64f824514d0361da8
- https://git.kernel.org/stable/c/bfb701192129803191c9cd6cdd1f82cd07f8de2c
- https://git.kernel.org/stable/c/d675fefbaec3815b3ae0af1bebd97f27df3a05c8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.233