#VU98949 NULL pointer dereference in Linux kernel - CVE-2024-49962
Vulnerability identifier: #VU98949
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_db_convert_to_package() function in drivers/acpi/acpica/dbconvert.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/cbb67e245dacd02b5e1d82733892647df1523982
https://git.kernel.org/stable/c/1c9b8775062f8d854a80caf186af57fc617d454c
https://git.kernel.org/stable/c/f282db38953ad71dd4f3f8877a4e1d37e580e30a
https://git.kernel.org/stable/c/4588ea78d3904bebb613b0bb025669e75800f546
https://git.kernel.org/stable/c/a907c113a8b66972f15f084d7dff960207b1f71d
https://git.kernel.org/stable/c/ae5d4c7e76ba393d20366dfea1f39f24560ffb1d
https://git.kernel.org/stable/c/a5242874488eba2b9062985bf13743c029821330
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
