#VU94964 NULL pointer dereference in Linux kernel - CVE-2024-42089

Cybersecurity Help s.r.o.

Published: 2024-07-31 | Updated: 2025-05-12

Vulnerability identifier: #VU94964

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42089

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fsl_asoc_card_probe() function in sound/soc/fsl/fsl-asoc-card.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.19 - 4.19.316, 5.4 - 5.4.278, 5.10 - 5.10.220, 5.15 - 5.15.161, 6.1 - 6.1.96, 6.6 - 6.6.36

External links
https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a
https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a
https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9
https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a
https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac
https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed
https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6
https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.97
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.37

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Security Guardium

openEuler 24.03 LTS update for kernel

Ubuntu update for linux-gkeop

Ubuntu update for linux-lowlatency

Ubuntu update for linux-gke

Ubuntu update for linux-raspi

Ubuntu update for linux

Ubuntu update for linux-oem-6.8

Ubuntu update for linux-aws

Ubuntu update for linux-nvidia