#VU98966 NULL pointer dereference in Linux kernel - CVE-2024-49877


Vulnerability identifier: #VU98966

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49877

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/61b84013e560382cbe7dd56758be3154d43a3988
http://git.kernel.org/stable/c/df944dc46d06af65a75191183d52be017e6b9dbe
http://git.kernel.org/stable/c/01cb2e751cc61ade454c9bc1aaa2eac1f8197112
http://git.kernel.org/stable/c/d52c5652e7dcb7a0648bbb8642cc3e617070ab49
http://git.kernel.org/stable/c/46b1edf0536a5291a8ad2337f88c926214b209d9
http://git.kernel.org/stable/c/4846e72ab5a0726e49ad4188b9d9df091ae78c64
http://git.kernel.org/stable/c/33b525cef4cff49e216e4133cc48452e11c0391e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

