#VU100123 NULL pointer dereference in Linux kernel - CVE-2024-50198
Vulnerability identifier: #VU100123
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the in_illuminance_period_available_show() function in drivers/iio/light/veml6030.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/bf3ab8e1c28f10df0823d4ff312f83c952b06a15
https://git.kernel.org/stable/c/50039aec43a82ad2495f2d0fb0c289c8717b4bb2
https://git.kernel.org/stable/c/bcb90518ccd9e10bf6ab29e31994aab93e4a4361
https://git.kernel.org/stable/c/2cbb41abae65626736b8b52cf3b9339612c5a86a
https://git.kernel.org/stable/c/905166531831beb067fffe2bdfc98031ffe89087
https://git.kernel.org/stable/c/c7c44e57750c31de43906d97813273fdffcf7d02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
