#VU98943 NULL pointer dereference in Linux kernel - CVE-2024-50000

Vulnerability identifier: #VU98943

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50000

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5e_tir_builder_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/en/tir.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/4655456a64a0f936098c8432bac64e7176bd2aff
https://git.kernel.org/stable/c/b48ee5bb25c02ca2b81e0d16bf8af17ab6ed3f8b
https://git.kernel.org/stable/c/0168ab6fbd9e50d20b97486168b604b2ab28a2ca
https://git.kernel.org/stable/c/1bcc86cc721bea68980098f51f102aa2c2b9d932
https://git.kernel.org/stable/c/4d80dde26d7bab1320210279483ac854dcb274b2
https://git.kernel.org/stable/c/f25389e779500cf4a59ef9804534237841bce536

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.