#VU97797 NULL pointer dereference in Linux kernel - CVE-2024-46819


Vulnerability identifier: #VU97797

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46819

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e
https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828
https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661
https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21
https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8
https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability