#VU90601 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90601

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26776

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hisi_sfc_v3xx_isr() function in drivers/spi/spi-hisi-sfc-v3xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/e94da8aca2e78ef9ecca02eb211869eacd5504e5
http://git.kernel.org/stable/c/0399d7eba41d9b28f5bdd7757ec21a5b7046858d
http://git.kernel.org/stable/c/f19361d570c67e7e014896fa2dacd7d721bf0aa8
http://git.kernel.org/stable/c/d637b5118274701e8448f35953877daf04df18b4
http://git.kernel.org/stable/c/e4168ac25b4bd378bd7dda322d589482a136c1fd
http://git.kernel.org/stable/c/de8b6e1c231a95abf95ad097b993d34b31458ec9

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-raspi
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
Debian update for linux
Debian update for linux
Slackware Linux update for kernel
Ubuntu update for linux-ibm-5.15
Ubuntu update for linux-hwe-5.15
Ubuntu update for linux-gkeop