#VU102102 NULL pointer dereference in Linux kernel - CVE-2024-56700


Vulnerability identifier: #VU102102

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56700

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fmc_send_cmd() function in drivers/media/radio/wl128x/fmdrv_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/2e63c908de357048180516b84740ed62dac0b269
https://git.kernel.org/stable/c/372dc9509122e5d45d4c12978e31c3c7d00aaca4
https://git.kernel.org/stable/c/378ce4e08ca2b1ac7bbf1d57b68643ca4226c5f8
https://git.kernel.org/stable/c/3c818ad07e964bca3d27adac1e1f50e1e3c9180e
https://git.kernel.org/stable/c/80a3b2ee01eecf22dfa06968b3cde92c691dea10
https://git.kernel.org/stable/c/ca59f9956d4519ab18ab2270be47c6b8c6ced091
https://git.kernel.org/stable/c/d16109c9fdc1b8cea4fe63b42e06e926c3f68990
https://git.kernel.org/stable/c/d7408a052aa1b4f6fb6f1c7a8877b84017a07ac9
https://git.kernel.org/stable/c/ed228b74d8a500380150965d5becabf9a1e33141


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

