#VU91234 NULL pointer dereference in Linux kernel


Published: 2024-06-05

Vulnerability identifier: #VU91234

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35902

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c
http://git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9
http://git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14
http://git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029
http://git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196
http://git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d
http://git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a
http://git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability