#VU102125 NULL pointer dereference in Linux kernel - CVE-2024-56574
Vulnerability identifier: #VU102125
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ts2020_regmap_unlock() function in drivers/media/dvb-frontends/ts2020.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/4a058b34b52ed3feb1f3ff6fd26aefeeeed20cba
https://git.kernel.org/stable/c/5a53f97cd5977911850b695add057f9965c1a2d6
https://git.kernel.org/stable/c/901070571bc191d1d8d7a1379bc5ba9446200999
https://git.kernel.org/stable/c/a2ed3b780f34e4a6403064208bc2c99d1ed85026
https://git.kernel.org/stable/c/b6208d1567f929105011bcdfd738f59a6bdc1088
https://git.kernel.org/stable/c/ced1c04e82e3ecc246b921b9733f0df0866aa50d
https://git.kernel.org/stable/c/dc03866b5f4aa2668946f8384a1e5286ae53bbaa
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
