#VU98987 NULL pointer dereference in Linux kernel - CVE-2024-47705
Vulnerability identifier: #VU98987
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blk_add_partition() function in block/partitions/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/4bc4272e2506941c3f3d4fb8b0c659ee814dcf6f
https://git.kernel.org/stable/c/cc4d21d9492db4e534d3e01253cf885c90dd2a8b
https://git.kernel.org/stable/c/64cf2a39202ca2d9df5ee70eb310b6141ce2b8ed
https://git.kernel.org/stable/c/80f5bfbb80ea1615290dbc24f49d3d8c86db58fe
https://git.kernel.org/stable/c/652039ba477c9a4ab43740cf2cb0d068d53508c2
https://git.kernel.org/stable/c/afe53ea9b378c376101d99d216f13b6256f75189
https://git.kernel.org/stable/c/26e197b7f9240a4ac301dd0ad520c0c697c2ea7d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
