#VU90596 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90596

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26744

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can trigger it to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b
http://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82
http://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4
http://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8
http://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f
http://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d
http://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

