#VU93058 NULL pointer dereference in Linux kernel


Published: 2024-06-21

Vulnerability identifier: #VU93058

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26717

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i2c_hid_of_probe() function in drivers/hid/i2c-hid/i2c-hid-of.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/62f5d219edbd174829aa18d4b3d97cd5fefbb783
http://git.kernel.org/stable/c/d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c
http://git.kernel.org/stable/c/4cad91344a62536a2949873bad6365fbb6232776
http://git.kernel.org/stable/c/e28d6b63aeecbda450935fb58db0e682ea8212d3
http://git.kernel.org/stable/c/00aab7dcb2267f2aef59447602f34501efe1a07f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability