#VU96847 NULL pointer dereference in Linux kernel - CVE-2024-44989
Vulnerability identifier: #VU96847
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21
https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294
https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f
https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548
https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436
https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
