#VU97794 NULL pointer dereference in Linux kernel - CVE-2024-46807

Cybersecurity Help s.r.o.

Published: 2024-09-30

Vulnerability identifier: #VU97794

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46807

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_recover_vram() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a
https://git.kernel.org/stable/c/2be1eb6304d9623ba21dd6f3e68ffb753a759635
https://git.kernel.org/stable/c/4dfec5f5501a27e0a0da00e136d65ef9011ded4c
https://git.kernel.org/stable/c/e8765364d4f3aaf88c7abe0a4fc99089d059ab49
https://git.kernel.org/stable/c/6cd2b872643bb29bba01a8ac739138db7bd79007

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Dell SmartFabric Manager update for third-party components

Ubuntu update for linux-azure-5.15

Ubuntu update for linux-azure

Ubuntu update for linux-hwe-6.8

SUSE update for the Linux Kernel

Ubuntu update for linux