#VU94258 NULL pointer dereference in Linux kernel - CVE-2024-39506
Vulnerability identifier: #VU94258
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2
https://git.kernel.org/stable/c/dcc7440f32c7a26b067aff6e7d931ec593024a79
https://git.kernel.org/stable/c/cbf18d8128a753cb632bef39470d19befd9c7347
https://git.kernel.org/stable/c/a86490a3712cc513113440a606a0e77130abd47c
https://git.kernel.org/stable/c/f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee
https://git.kernel.org/stable/c/fd2b613bc4c508e55c1221c6595bb889812a4fea
https://git.kernel.org/stable/c/a6f4d0ec170a46b5f453cacf55dff5989b42bbfa
https://git.kernel.org/stable/c/c44711b78608c98a3e6b49ce91678cd0917d5349
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
