SB20241230161 - NULL pointer dereference in Linux kernel phy realtek driver
Published: December 30, 2024 Updated: May 11, 2025
Security Bulletin ID
SB20241230161
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2024-53204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtk_usb3phy_probe() function in drivers/phy/realtek/phy-rtk-usb3.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/48d52d3168749e10c1c37cd4ceccd18625851741
- https://git.kernel.org/stable/c/776f13ad1f88485206f1dca5ef138553106950e5
- https://git.kernel.org/stable/c/bf373d2919d98f3d1fe1b19a0304f72fe74386d9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13