#VU94258 NULL pointer dereference in Linux kernel - CVE-2024-39506

Cybersecurity Help s.r.o.

Published: 2024-07-13 | Updated: 2025-05-13

Vulnerability identifier: #VU94258

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39506

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.19 - 4.19.316, 5.4 - 5.4.278, 5.10 - 5.10.220, 5.15 - 5.15.161, 6.1 - 6.1.94, 6.6 - 6.6.34

External links
https://git.kernel.org/stable/c/87d6bdc006f0cbf297a3b2ad6e40ede4c3ee5dc2
https://git.kernel.org/stable/c/dcc7440f32c7a26b067aff6e7d931ec593024a79
https://git.kernel.org/stable/c/cbf18d8128a753cb632bef39470d19befd9c7347
https://git.kernel.org/stable/c/a86490a3712cc513113440a606a0e77130abd47c
https://git.kernel.org/stable/c/f1ab15a09492a5ae8ab1e2c35ba2cf9e150d25ee
https://git.kernel.org/stable/c/fd2b613bc4c508e55c1221c6595bb889812a4fea
https://git.kernel.org/stable/c/a6f4d0ec170a46b5f453cacf55dff5989b42bbfa
https://git.kernel.org/stable/c/c44711b78608c98a3e6b49ce91678cd0917d5349
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.95
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.35

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Integrated Analytics System

Dell RecoverPoint for Virtual Machines update for third-party components

APEX Cloud Platform for Microsoft Azure update for third-party components

Dell SmartFabric Storage Software update for third-party components

Anolis OS update for kernel

Multiple vulnerabilities in IBM Cloud Pak for AIOps

Multiple vulnerabilities in IBM Security Guardium

Multiple vulnerabilities in IBM Storage Copy Data Management

Multiple vulnerabilities in Dell Secure Connect Gateway

Multiple vulnerabilities in IBM Spectrum Protect Plus