SB20241230167 - NULL pointer dereference in Linux kernel hw hns driver
Published: December 30, 2024 Updated: May 11, 2025
Security Bulletin ID
SB20241230167
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2024-53226)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hns_roce_set_page() and hns_roce_map_mr_sg() functions in drivers/infiniband/hw/hns/hns_roce_mr.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/35f5b68f63aac61d30ce0b0c6beb09b8845a3e65
- https://git.kernel.org/stable/c/52617e76f4963644db71dc0a17e998654dc0c7f4
- https://git.kernel.org/stable/c/6b0d7d6e6883d0ec70cd7b5a02c47c003d5defe7
- https://git.kernel.org/stable/c/6b526d17eed850352d880b93b9bf20b93006bd92
- https://git.kernel.org/stable/c/71becb0e9df78a8d43dfd0efcef18c830a0af477
- https://git.kernel.org/stable/c/8c269bb2cc666ca580271e1a8136c63ac9162e1e
- https://git.kernel.org/stable/c/bd715e191d444992d6ed124f15856da5c1cae2de
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.231