#VU90563 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90563

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26931

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/b73377124f56d2fec154737c2f8d2e839c237d5a
http://git.kernel.org/stable/c/d7a68eee87b05d4e29419e6f151aef99314970a9
http://git.kernel.org/stable/c/67b2d35853c2da25a8ca1c4190a5e96d3083c2ac
http://git.kernel.org/stable/c/a859f6a8f4234b8ef62862bf7a92f1af5f8cd47a
http://git.kernel.org/stable/c/09c0ac18cac206ed1218b1fe6c1a0918e5ea9211
http://git.kernel.org/stable/c/8de1584ec4fe0ebea33c273036e7e0a05e65c81d
http://git.kernel.org/stable/c/8f0d32004e3a572bb77e6c11c2797c87f8c9703d
http://git.kernel.org/stable/c/ec7587eef003cab15a13446d67c3adb88146a150
http://git.kernel.org/stable/c/a27d4d0e7de305def8a5098a614053be208d1aa1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

