#VU92350 NULL pointer dereference in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92350

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38547

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the load_video_binaries() function in drivers/staging/media/atomisp/pci/sh_css.c. A local user can trigger the dereference and cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/4b68b861b514a5c09220d622ac3784c0ebac6c80
http://git.kernel.org/stable/c/82c2c85aead3ea3cbceef4be077cf459c5df2272
http://git.kernel.org/stable/c/a1ab99dcc8604afe7e3bccb01b10da03bdd7ea35
http://git.kernel.org/stable/c/cc20c87b04db86c8e3e810bcdca686b406206069
http://git.kernel.org/stable/c/69b27ff82f87379afeaaea4b2f339032fdd8486e
http://git.kernel.org/stable/c/6482c433863b257b0b9b687c28ce80b89d5f89f0
http://git.kernel.org/stable/c/3b621e9e9e148c0928ab109ac3d4b81487469acb


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

