SB2025011790 - NULL pointer dereference in Linux kernel hv driver
Published: January 17, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025011790
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2024-55916)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the util_probe() function in drivers/hv/hv_util.c, within the hv_vss_init() function in drivers/hv/hv_snapshot.c, within the hv_kvp_init() function in drivers/hv/hv_kvp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/042253c57be901bfd19f15b68267442b70f510d5
- https://git.kernel.org/stable/c/07a756a49f4b4290b49ea46e089cbe6f79ff8d26
- https://git.kernel.org/stable/c/3dd7a30c6d7f90afcf19e9b072f572ba524d7ec6
- https://git.kernel.org/stable/c/718fe694a334be9d1a89eed22602369ac18d6583
- https://git.kernel.org/stable/c/89fcec5e466b3ac9b376e0d621c71effa1a7983f
- https://git.kernel.org/stable/c/d81f4e73aff9b861671df60e5100ad25cc16fbf8
- https://git.kernel.org/stable/c/f091a224a2c82f1e302b1768d73bb6332f687321
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.289