NULL pointer dereference in Linux kernel core



| Updated: 2025-05-12
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-41048
CWE-ID CWE-476
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU94982

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41048

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sk_msg_recvmsg() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.15 - 6.6.40

CPE2.3 External links

https://git.kernel.org/stable/c/195b7bcdfc5adc5b2468f279dd9eb7eebd2e7632
https://git.kernel.org/stable/c/fb61d7b9fb6ef0032de469499a54dab4c7260d0d
https://git.kernel.org/stable/c/b180739b45a38b4caa88fe16bb5273072e6613dc
https://git.kernel.org/stable/c/f8bd689f37f4198a4c61c4684f591ba639595b97
https://git.kernel.org/stable/c/f0c18025693707ec344a70b6887f7450bf4c826b
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.100
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.41


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###