#VU96536 NULL pointer dereference in Linux kernel - CVE-2024-43894


Vulnerability identifier: #VU96536

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43894

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6
https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e
https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52
https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62
https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d
https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff
https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

