#VU98948 NULL pointer dereference in Linux kernel - CVE-2024-49978

Cybersecurity Help s.r.o.

Published: 2024-10-22

Vulnerability identifier: #VU98948

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49978

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/080e6c9a3908de193a48f646c5ce1bfb15676ffc
https://git.kernel.org/stable/c/af3122f5fdc0d00581d6e598a668df6bf54c9daa
https://git.kernel.org/stable/c/33e28acf42ee863f332a958bfc2f1a284a3659df
https://git.kernel.org/stable/c/3cd00d2e3655fad3bda96dc1ebf17b6495f86fea
https://git.kernel.org/stable/c/a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-hwe-6.8

Ubuntu update for linux-ibm

Ubuntu update for linux-oem-6.8

Ubuntu update for linux-gcp-6.8

Ubuntu update for linux-aws

Ubuntu update for linux-oem-6.11

Ubuntu update for linux-oracle

Ubuntu update for linux-nvidia

Ubuntu update for linux-gcp

Ubuntu update for linux