SB2024120312 - NULL pointer dereference in Linux kernel vmw_vsock

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2024-53103)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hvs_destruct() function in net/vmw_vsock/hyperv_transport.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/285266ef92f7b4bf7d26e1e95e215ce6a6badb4a
• https://git.kernel.org/stable/c/414476c4fb11be070c09ab8f3e75c9ee324a108a
• https://git.kernel.org/stable/c/4bdc5a62c6e50600d8a1c3e18fd6dce0c27c9497
• https://git.kernel.org/stable/c/4fe1d42f2acc463b733bb42e3f8e67dbc2a0eb2d
• https://git.kernel.org/stable/c/7cf25987820350cb950856c71b409e5b6eed52bd
• https://git.kernel.org/stable/c/8621725afb38e111969c64280b71480afde2aace
• https://git.kernel.org/stable/c/98d8dde9232250a57ad5ef16479bf6a349e09b80
• https://git.kernel.org/stable/c/e0fe3392371293175f25028020ded5267f4cd8e3
• https://git.kernel.org/stable/c/e629295bd60abf4da1db85b82819ca6a4f6c1e79
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.324
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.230
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.172
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.286
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.117
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.8
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.1
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.61