#VU101914 NULL pointer dereference in Linux kernel - CVE-2024-53157

Vulnerability identifier: #VU101914

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53157

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the scpi_dvfs_get_info() function in drivers/firmware/arm_scpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/025067eeb945aa17c7dd483a63960125b7efb577
https://git.kernel.org/stable/c/06258e57fee253f4046d3a6a86d7fde09f596eac
https://git.kernel.org/stable/c/109aa654f85c5141e813b2cd1bd36d90be678407
https://git.kernel.org/stable/c/12e2c520a0a4202575e4a45ea41f06a8e9aa3417
https://git.kernel.org/stable/c/2a5b8de6fcb944f9af0c5fcb30bb0c039705e051
https://git.kernel.org/stable/c/380c0e1d96f3b522f3170c18ee5e0f1a28fec5d6
https://git.kernel.org/stable/c/8be4e51f3ecfb0915e3510b600c4cce0dc68a383
https://git.kernel.org/stable/c/9beaff47bcea5eec7d4ead98f5043057161fd71a
https://git.kernel.org/stable/c/dfc9c2aa7f04f7db7e7225a5e118a24bf1c3b325

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.