#VU91235 NULL pointer dereference in Linux kernel


Published: 2024-06-05

Vulnerability identifier: #VU91235

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35857

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in the icmp_build_probe() function in net/ipv4/icmp.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/23b7ee4a8d559bf38eac7ce5bb2f6ebf76f9c401
http://git.kernel.org/stable/c/599c9ad5e1d43f5c12d869f5fd406ba5d8c55270
http://git.kernel.org/stable/c/d68dc711d84fdcf698e5d45308c3ddeede586350
http://git.kernel.org/stable/c/3e2979bf080c40da4f7c93aff8575ab8bc62b767
http://git.kernel.org/stable/c/c58e88d49097bd12dfcfef4f075b43f5d5830941


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

