NULL pointer dereference in Linux kernel ulp srpt driver



Published: 2024-05-31
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-26744
CWE-ID: CWE-476
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU90596

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26744

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b
http://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82
http://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4
http://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8
http://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f
http://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d
http://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


