#VU90520 NULL pointer dereference in Linux kernel - CVE-2024-27047


Vulnerability identifier: #VU90520

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27047

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the phy_get_internal_delay() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/06dd21045a7e8bc8701b0ebedcd9a30a6325878b
https://git.kernel.org/stable/c/0e939a002c8a7d66e60bd0ea6b281fb39d713c1a
https://git.kernel.org/stable/c/2a2ff709511617de9c6c072eeee82bcbbdfecaf8
https://git.kernel.org/stable/c/589ec16174dd9378953b8232ae76fad0a96e1563
https://git.kernel.org/stable/c/c0691de7df1d51482a52cac93b7fe82fd9dd296b
https://git.kernel.org/stable/c/0307cf443308ecc6be9b2ca312bb31bae5e5a7ad
https://git.kernel.org/stable/c/4469c0c5b14a0919f5965c7ceac96b523eb57b79


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

