SB20240531431 - NULL pointer dereference in Linux kernel core
Published: May 31, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240531431
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2024-36937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __xdp_do_redirect_frame(), EXPORT_SYMBOL_GPL(), xdp_do_generic_redirect_map() and xdp_do_generic_redirect() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/12481f30128fbebc2eeb55eb2d56390fdfa30c5e
- https://git.kernel.org/stable/c/272bfb019f3cc018f654b992115774e77b4f3ffc
- https://git.kernel.org/stable/c/e22e25820fa04ea5eaac4ef7ee200e9923f466a4
- https://git.kernel.org/stable/c/6fd81f9d333e7b3532036577b1beb74ba1323553
- https://git.kernel.org/stable/c/5bcf0dcbf9066348058b88a510c57f70f384c92c
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.159
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.91
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.10