#VU90384 NULL pointer dereference in Linux kernel - CVE-2024-36926


Vulnerability identifier: #VU90384

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36926

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pci_dma_bus_setup_pSeriesLP() function in arch/powerpc/platforms/pseries/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
http://git.kernel.org/stable/c/7fb5793c53f8c024e3eae9f0d44eb659aed833c4
http://git.kernel.org/stable/c/802b13b79ab1fef66c6852fc745cf197dca0cb15
http://git.kernel.org/stable/c/2bed905a72485a2b79a001bd7e66c750942d2155
http://git.kernel.org/stable/c/49a940dbdc3107fecd5e6d3063dc07128177e058

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Guardium Data Protection
Multiple vulnerabilities in Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR)
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
Ubuntu update for linux-lowlatency
SUSE update for the Linux Kernel
Ubuntu update for linux-oem-6.8
Ubuntu update for linux-nvidia-lowlatency