#VU98965 NULL pointer dereference in Linux kernel - CVE-2024-49879
Vulnerability identifier: #VU98965
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/2bda89735199683b03f55b807bd1e31a3857520b
https://git.kernel.org/stable/c/e60b0d3b5aa2e8d934deca9e11215af84e632bc9
https://git.kernel.org/stable/c/f37a1d9e5e22d5489309c3cd2db476dcdcc6530c
https://git.kernel.org/stable/c/b57b53e8ffcdfda87d954fc4187426a54fe75a3d
https://git.kernel.org/stable/c/0d71916694aceb207fefecf62dfa811ec1108bbd
https://git.kernel.org/stable/c/334de68eda2b99892ba869c15cb59bc956fd9f42
https://git.kernel.org/stable/c/e794b7b9b92977365c693760a259f8eef940c536
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
