#VU96526 NULL pointer dereference in Linux kernel - CVE-2024-43907
Vulnerability identifier: #VU96526
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622
https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac
https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201
https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30
https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82
https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
