#VU94259 NULL pointer dereference in Linux kernel - CVE-2024-39505
Vulnerability identifier: #VU94259
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the komeda_component_get_avail_scaler() function in drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/0674ed1e58e2fdcc155e7d944f8aad007a94ac69
https://git.kernel.org/stable/c/bda7cdaeebf57e46c1a488ae7a15f6f264691f59
https://git.kernel.org/stable/c/86042e3d16b7e0686db835c9e7af0f9044dd3a56
https://git.kernel.org/stable/c/3b1cf943b029c147bfacfd53dc28ffa632c0a622
https://git.kernel.org/stable/c/9460961d82134ceda7377b77a3e3e3531b625dfe
https://git.kernel.org/stable/c/99392c98b9be0523fe76944b2264b1847512ad23
https://git.kernel.org/stable/c/b880018edd3a577e50366338194dee9b899947e0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
