#VU101914 NULL pointer dereference in Linux kernel - CVE-2024-53157
Published: December 27, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU101914
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-53157
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_dvfs_get_info() function in drivers/firmware/arm_scpi.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/025067eeb945aa17c7dd483a63960125b7efb577
- https://git.kernel.org/stable/c/06258e57fee253f4046d3a6a86d7fde09f596eac
- https://git.kernel.org/stable/c/109aa654f85c5141e813b2cd1bd36d90be678407
- https://git.kernel.org/stable/c/12e2c520a0a4202575e4a45ea41f06a8e9aa3417
- https://git.kernel.org/stable/c/2a5b8de6fcb944f9af0c5fcb30bb0c039705e051
- https://git.kernel.org/stable/c/380c0e1d96f3b522f3170c18ee5e0f1a28fec5d6
- https://git.kernel.org/stable/c/8be4e51f3ecfb0915e3510b600c4cce0dc68a383
- https://git.kernel.org/stable/c/9beaff47bcea5eec7d4ead98f5043057161fd71a
- https://git.kernel.org/stable/c/dfc9c2aa7f04f7db7e7225a5e118a24bf1c3b325
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.11