#VU90542 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90542

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35940

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the psz_kmsg_read() function in fs/pstore/zone.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/98e2b97acb875d65bdfc75fc408e67975cef3041
http://git.kernel.org/stable/c/0ff96ec22a84d80a18d7ae8ca7eb111c34ee33bb
http://git.kernel.org/stable/c/635594cca59f9d7a8e96187600c34facb8bc0682
http://git.kernel.org/stable/c/ec7256887d072f98c42cdbef4dcc80ddf84c7a70
http://git.kernel.org/stable/c/6f9f2e498eae7897ba5d3e33908917f68ff4abcc
http://git.kernel.org/stable/c/98bc7e26e14fbb26a6abf97603d59532475e97f8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability