CVE-2024-46739

Severity Medium · CVSS 3.1 base score 5.5 · EPSS 19.2%
Published Sep 18, 2024 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

For primary VM Bus channels, primary_channel pointer is always NULL. This pointer is valid only for the secondary channels. Also, rescind callback is meant for primary channels only.

Fix NULL pointer dereference by retrieving the device_obj from the parent for the primary channel.

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
19.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 13

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.16 – <4.19.322
linux   linux_kernel  *        ≥4.20 – <5.4.284
linux   linux_kernel  *        ≥5.5 – <5.10.226
linux   linux_kernel  *        ≥5.11 – <5.15.167
linux   linux_kernel  *        ≥5.16 – <6.1.110
linux   linux_kernel  *        ≥6.2 – <6.6.51
linux   linux_kernel  *        ≥6.7 – <6.10.10
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
