#VU102929 NULL pointer dereference in Linux kernel - CVE-2024-55916
Published: January 17, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU102929
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-55916
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the util_probe() function in drivers/hv/hv_util.c, within the hv_vss_init() function in drivers/hv/hv_snapshot.c, within the hv_kvp_init() function in drivers/hv/hv_kvp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/042253c57be901bfd19f15b68267442b70f510d5
- https://git.kernel.org/stable/c/07a756a49f4b4290b49ea46e089cbe6f79ff8d26
- https://git.kernel.org/stable/c/3dd7a30c6d7f90afcf19e9b072f572ba524d7ec6
- https://git.kernel.org/stable/c/718fe694a334be9d1a89eed22602369ac18d6583
- https://git.kernel.org/stable/c/89fcec5e466b3ac9b376e0d621c71effa1a7983f
- https://git.kernel.org/stable/c/d81f4e73aff9b861671df60e5100ad25cc16fbf8
- https://git.kernel.org/stable/c/f091a224a2c82f1e302b1768d73bb6332f687321
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.289