A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in
the network sub-component in the Linux Kernel. This flaw allows a local
user to observe a refcnt use-after-free issue when receiving an igmp query
packet, leading to a kernel information leak.
Author | Note |
---|---|
Priority reason: By using unprivileged user namespaces, this can be exploited to achieve local privilege escalation. | |
cache-use-only | duplicates CVE-2023-6932 |
access.redhat.com/security/cve/CVE-2024-0584
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0584
git.kernel.org/linus/e2b706c691905fe78468c361aaabc719d0a496f1 (6.7-rc4)
launchpad.net/bugs/cve/CVE-2024-0584
lore.kernel.org/netdev/170083982540.9628.4546899811301303734.git-patchwork-notify@kernel.org/T/
nvd.nist.gov/vuln/detail/CVE-2024-0584
security-tracker.debian.org/tracker/CVE-2024-0584