#VU96524 NULL pointer dereference in Linux kernel - CVE-2024-43909


Vulnerability identifier: #VU96524

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43909

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smu7_update_edc_leakage_table() and smu7_hwmgr_backend_init() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce
https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d
https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb
https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751
https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-azure-5.15
Ubuntu update for linux-azure
Ubuntu update for linux-hwe-6.8
Ubuntu update for linux
Ubuntu update for linux-nvidia
Ubuntu update for linux-gkeop
Ubuntu update for linux-intel-iotg
Ubuntu update for linux-azure
Ubuntu update for linux-aws
Ubuntu update for linux