#VU94245 NULL pointer dereference in Linux kernel - CVE-2024-40960


Vulnerability identifier: #VU94245

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40960

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software: Linux kernel
Category: Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/f0cda984e4e634b221dbf9642b8ecc5b4806b41e
https://git.kernel.org/stable/c/d66fc4826127c82f99c4033380f8e93833d331c7
https://git.kernel.org/stable/c/1ed9849fdf9a1a617129346b11d2094ca26828dc
https://git.kernel.org/stable/c/569c9d9ea6648d099187527b93982f406ddcebc0
https://git.kernel.org/stable/c/51ee2f7c30790799d0ec30c0ce0c743e58f046f2
https://git.kernel.org/stable/c/73e7c8ca6ad76f29b2c99c20845a6f3b203ff0c6
https://git.kernel.org/stable/c/6eed6d3cd19ff3cfa83aeceed86da14abaf7417b
https://git.kernel.org/stable/c/b86762dbe19a62e785c189f313cda5b989931f37


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

