#VU97797 NULL pointer dereference in Linux kernel - CVE-2024-46819
Vulnerability identifier: #VU97797
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e
https://git.kernel.org/stable/c/d04ded1e73f1dcf19a71ec8b9cda3faa7acd8828
https://git.kernel.org/stable/c/70e8ec21fcb8c51446899d3bfe416b31adfa3661
https://git.kernel.org/stable/c/7d265772e44d403071a2b573eac0db60250b1c21
https://git.kernel.org/stable/c/130c2dc75c8c40acc3c96ededea6af80e03c14b8
https://git.kernel.org/stable/c/d190b459b2a4304307c3468ed97477b808381011
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
