SB20250226314 - Use-after-free in Linux kernel jffs2
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226314
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2021-47656)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jffs2_free_ino_caches() function in fs/jffs2/fs.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/22327bd7988f21de3a53c1373f3b81542bfe1f44
- https://git.kernel.org/stable/c/30bf7244acf32f19cb722c39f7bc1c2a9f300422
- https://git.kernel.org/stable/c/3bd2454162ec6bbb5503233c804fce6e4b6dcec5
- https://git.kernel.org/stable/c/4c7c44ee1650677fbe89d86edbad9497b7679b5c
- https://git.kernel.org/stable/c/7a75740206af5f17e9f3efa384211cba70213da1
- https://git.kernel.org/stable/c/7bb7428dd73991bf4b3a7a61b493ca50046c2b13
- https://git.kernel.org/stable/c/8c0f024f29e055840a5a89fe23b96ae3f921afed
- https://git.kernel.org/stable/c/9150cb625b46f68d524f4cfd491f1aafc23e10a9
- https://git.kernel.org/stable/c/c3b07c875fa8f906f932976460fd14798596f101
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.238