#VU92348 NULL pointer dereference in Linux kernel - CVE-2024-38550

Cybersecurity Help s.r.o.

Published: 2024-06-20

Vulnerability identifier: #VU92348

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38550

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kirkwood_dma_hw_params() function in sound/soc/kirkwood/kirkwood-dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/d48d0c5fd733bd6d8d3ddb2ed553777ab4724169
https://git.kernel.org/stable/c/de9987cec6fde1dd41dfcb971433e05945852489
https://git.kernel.org/stable/c/1a7254525ca7a6f3e37d7882d7f7ad97f6235f7c
https://git.kernel.org/stable/c/5bf5154739cd676b6d0958079070557c8d96afb6
https://git.kernel.org/stable/c/802b49e39da669b54bd9b77dc3c649999a446bf6
https://git.kernel.org/stable/c/ea60ab95723f5738e7737b56dda95e6feefa5b50

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Security Guardium

Ubuntu update for linux-azure-fde-5.15

Ubuntu update for linux-lowlatency

Ubuntu update for linux-ibm-5.15

Ubuntu update for linux-xilinx-zynqmp

Ubuntu update for linux-azure

Ubuntu update for linux

openEuler 24.03 LTS update for kernel

SUSE update for the Linux Kernel