Vulnerability identifier: #VU102142
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53226
CWE-ID: CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the hns_roce_set_page() and hns_roce_map_mr_sg() functions in drivers/infiniband/hw/hns/hns_roce_mr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/35f5b68f63aac61d30ce0b0c6beb09b8845a3e65
https://git.kernel.org/stable/c/52617e76f4963644db71dc0a17e998654dc0c7f4
https://git.kernel.org/stable/c/6b0d7d6e6883d0ec70cd7b5a02c47c003d5defe7
https://git.kernel.org/stable/c/6b526d17eed850352d880b93b9bf20b93006bd92
https://git.kernel.org/stable/c/71becb0e9df78a8d43dfd0efcef18c830a0af477
https://git.kernel.org/stable/c/8c269bb2cc666ca580271e1a8136c63ac9162e1e
https://git.kernel.org/stable/c/bd715e191d444992d6ed124f15856da5c1cae2de
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.