#VU98972 NULL pointer dereference in Linux kernel - CVE-2024-47743
Vulnerability identifier: #VU98972
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the find_asymmetric_key() function in crypto/asymmetric_keys/asymmetric_type.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/3322fa8f2aa40b0b3651034cd541647a600cc6c0
https://git.kernel.org/stable/c/a3765b497a4f5224cb2f7a6a2d3357d3066214ee
https://git.kernel.org/stable/c/13b5b401ead95b5d8266f64904086c55b6024900
https://git.kernel.org/stable/c/0d3b0706ada15c333e6f9faf19590ff715e45d1e
https://git.kernel.org/stable/c/70fd1966c93bf3bfe3fe6d753eb3d83a76597eef
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
