NULL pointer dereference in Linux kernel clk qcom driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-58080 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU105399
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-58080
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the &() function in drivers/clk/qcom/dispcc-sm6350.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 6.1 - 6.13.2
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.1:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.1:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.1:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.1.6:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2dba8d5d423fa5f6f3a687aa6e0da5808f69091b
https://git.kernel.org/stable/c/3ad28517385e2821e8e43388d6a0b3e1ba0bc3ab
https://git.kernel.org/stable/c/3daca9050857220726732ad9d4a8512069386f46
https://git.kernel.org/stable/c/a1f15808adfd77268eac7fefce5378ad9fedbfba
https://git.kernel.org/stable/c/d4cdb196f182d2fbe336c968228be00d8c3fed05
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.129
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.14
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.3
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.78
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
