SB20250327104 - Use-after-free in Linux kernel core
Published: March 27, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250327104
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2023-52999)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ops_init() function in net/core/net_namespace.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/12075708f2e77ee6a9f8bb2cf512c38be3099794
- https://git.kernel.org/stable/c/66689a72ba73575e76d4f6a8748d3fa2690ec1c4
- https://git.kernel.org/stable/c/71ab9c3e2253619136c31c89dbb2c69305cc89b1
- https://git.kernel.org/stable/c/ad0dfe9bcf0d78e699c7efb64c90ed062dc48bea
- https://git.kernel.org/stable/c/d4c008f3b7f7d4ffd311eb2dae5e75b3cbddacd0
- https://git.kernel.org/stable/c/ddd49cbbd4c1ceb38032018b589b44208e54f55e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.231