#VU102115 NULL pointer dereference in Linux kernel - CVE-2024-56634

Vulnerability identifier: #VU102115

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56634

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the grgpio_probe() function in drivers/gpio/gpio-grgpio.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/050b23d081da0f29474de043e9538c1f7a351b3b
https://git.kernel.org/stable/c/09adf8792b61c09ae543972a1ece1884ef773848
https://git.kernel.org/stable/c/4733f68e59bb7b9e3d395699abb18366954b9ba7
https://git.kernel.org/stable/c/53ff0caa6ad57372d426b4f48fc0f66df43a731f
https://git.kernel.org/stable/c/8d2ca6ac3711a4f4015d26b7cc84f325ac608edb
https://git.kernel.org/stable/c/ad4dfa7ea7f5f7e9a3c78627cfc749bc7005ca7a
https://git.kernel.org/stable/c/db2fc255fcf41f536ac8666409849e11659af88d

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.