#VU105016 NULL pointer dereference in Linux kernel - CVE-2024-57981

Cybersecurity Help s.r.o.

Published: 2025-02-27

Vulnerability identifier: #VU105016

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57981

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/0ce5c0dac768be14afe2426101b568a0f66bfc4d
https://git.kernel.org/stable/c/1e0a19912adb68a4b2b74fd77001c96cd83eb073
https://git.kernel.org/stable/c/4ff18870af793ce2034a6ad746e91d0a3d985b88
https://git.kernel.org/stable/c/ae069cd2ba09a2bd6a87a68c59ef0b7ea39cd641
https://git.kernel.org/stable/c/b649f0d5bc256f691c7d234c3986685d54053de1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

openEuler 24.03 LTS SP1 update for kernel

openEuler 24.03 LTS update for kernel

NULL pointer dereference in Linux kernel usb host driver