SB2024091887 - NULL pointer dereference in Linux kernel uio driver
Published: September 18, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024091887
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2024-46739)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e
- https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4
- https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c
- https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c
- https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc
- https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99
- https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b
- https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.322
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.226
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.167
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.284
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.110
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.51