#VU92073 NULL pointer dereference in Linux kernel


Published: 2024-06-13

Vulnerability identifier: #VU92073

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26663

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tipc_nl_bearer_add() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/24ec8f0da93b8a9fba11600be8a90f0d73fb46f1
http://git.kernel.org/stable/c/6f70f0b412458c622a12d4292782c8e92e210c2f
http://git.kernel.org/stable/c/19d7314f2fb9515bdaac9829d4d8eb34edd1fe95
http://git.kernel.org/stable/c/c1701ea85ef0ec7be6a1b36c7da69f572ed2fd12
http://git.kernel.org/stable/c/3d3a5b31b43515b5752ff282702ca546ec3e48b6
http://git.kernel.org/stable/c/888e3524be87f3df9fa3c083484e4b62b3e3bb59
http://git.kernel.org/stable/c/0cd331dfd6023640c9669d0592bc0fd491205f87
http://git.kernel.org/stable/c/3871aa01e1a779d866fa9dfdd5a836f342f4eb87

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 20.03 LTS SP4 update for kernel
openEuler 20.03 LTS SP1 update for kernel
NULL pointer dereference in Linux kernel tipc