#VU105657 NULL pointer dereference in Linux kernel - CVE-2024-58088
Vulnerability identifier: #VU105657
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cgroup_storage_map_alloc() function in kernel/bpf/bpf_cgrp_storage.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 6.13, 6.13.1, 6.13.2, 6.13.3, 6.13.4
External links
https://git.kernel.org/stable/c/6ecb9fa14eec5f15d97c84c36896871335f6ddfb
https://git.kernel.org/stable/c/c78f4afbd962f43a3989f45f3ca04300252b19b5
https://git.kernel.org/stable/c/fac674d2bd68f3479f27328626b42d1eebd11fef
https://git.kernel.org/stable/c/fcec95b4ab3e7bc6b2f36e5d59f7e24104ea87f7
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
