#VU94963 NULL pointer dereference in Linux kernel - CVE-2024-42101
Vulnerability identifier: #VU94963
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nouveau_connector_get_modes() function in drivers/gpu/drm/nouveau/nouveau_connector.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/9baf60323efa992b7c915094529f0a1882c34e7e
https://git.kernel.org/stable/c/e36364f5f3785d054a94e57e971385284886d41a
https://git.kernel.org/stable/c/274cba8d2d1b48c72d8bd90e76c9e2dc1aa0a81d
https://git.kernel.org/stable/c/f48dd3f19614022f2e1b794fbd169d2b4c398c07
https://git.kernel.org/stable/c/1f32535238493008587a8c5cb17eb2ca097592ef
https://git.kernel.org/stable/c/744b229f09134ccd091427a6f9ea6d97302cfdd9
https://git.kernel.org/stable/c/7db5411c5d0bd9c29b8c2ad93c36b5c16ea46c9e
https://git.kernel.org/stable/c/80bec6825b19d95ccdfd3393cf8ec15ff2a749b4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
