#VU102114 NULL pointer dereference in Linux kernel - CVE-2024-56629

Vulnerability identifier: #VU102114

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56629

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the wacom_update_name() function in drivers/hid/wacom_sys.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4

---

External links
https://git.kernel.org/stable/c/2cd323c55bd3f356bf23ae1b4c20100abcdc29d6
https://git.kernel.org/stable/c/2ed3e3a3ac06af8a6391c3d6a7791b7967d7d43a
https://git.kernel.org/stable/c/5912a921289edb34d40aeab32ea6d52d41e75fed
https://git.kernel.org/stable/c/59548215b76be98cf3422eea9a67d6ea578aca3d
https://git.kernel.org/stable/c/a7f0509556fa2f9789639dbcee9eed46e471ccef
https://git.kernel.org/stable/c/d031eef3cc2e3bf524509e38fb898e5335c85c96
https://git.kernel.org/stable/c/e689bc6697a7fcebd4a945ab0b1e1112c76024d8
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.5

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.