#VU100625 NULL pointer dereference in Linux kernel - CVE-2024-50292
Vulnerability identifier: #VU100625
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_spdifrx_remove() function in sound/soc/stm/stm32_spdifrx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/3a977b554f668382dfba31fd62e4cce4fe5643db
https://git.kernel.org/stable/c/0d75f887aabd80cf37ea48d28f159afa7850ea28
https://git.kernel.org/stable/c/4f1d74f74752eab8af6b8b28797dc6490d57374c
https://git.kernel.org/stable/c/23bdbd1ef3e063e03d3c50c15a591b005ebbae39
https://git.kernel.org/stable/c/22ae9321054cf7f36c537702af133659f51a0b88
https://git.kernel.org/stable/c/9bb4af400c386374ab1047df44c508512c08c31f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
