CVE-2024-47749

MEDIUM EPSS 13.8%
Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Added NULL check for lookup_atid The lookup_atid() function can return NULL if the ATID is invalid or does not exist in the identifier table, which could lead to dereferencing a null pointer without a check in the `act_establish()` and `act_open_rpl()` functions. Add a NULL check to prevent null pointer dereferencing. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
13.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥2.6.35  –  <5.10.227
linuxlinux_kernel*≥5.11  –  <5.15.168
linuxlinux_kernel*≥5.16  –  <6.1.113
linuxlinux_kernel*≥6.2  –  <6.6.54
linuxlinux_kernel*≥6.7  –  <6.10.13
linuxlinux_kernel*≥6.11  –  <6.11.2

References 11

  • git.kernel.org https://git.kernel.org/stable/c/0d50ae281a1712b9b2ca72830a96b8f11882358d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/39cb9f39913566ec5865581135f3e8123ad1aee1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4e1fe68d695af367506ea3c794c5969630f21697
  • git.kernel.org https://git.kernel.org/stable/c/54aaa3ed40972511e423b604324b881425b9ff1e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b11318dc8a1ec565300bb1a9073095af817cc508
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b12e25d91c7f97958341538c7dc63ee49d01548f
  • git.kernel.org https://git.kernel.org/stable/c/b9c94c8ba5a713817cffd74c4bacc05187469624
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd598ac57dcae796cb58551074660c39b43fb155
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e766e6a92410ca269161de059fff0843b8ddd65f
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0d50ae281a1712b9b2ca72830a96b8f11882358d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/39cb9f39913566ec5865581135f3e8123ad1aee1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/54aaa3ed40972511e423b604324b881425b9ff1e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b11318dc8a1ec565300bb1a9073095af817cc508
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b9c94c8ba5a713817cffd74c4bacc05187469624
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd598ac57dcae796cb58551074660c39b43fb155
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e766e6a92410ca269161de059fff0843b8ddd65f
    Patch