CVE-2024-26770

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.19 and 6.7.7

Description The issue concerns a null pointer dereference in the 'nvidia-shield' component of the Linux kernel. This occurs because the devm kasprintf() function returns a pointer to dynamically allocated memory, which can be NULL upon failure. To ensure the allocation was successful, it is necessary to check the pointer validity. A local network attack risk is associated with this issue.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.19 or 6.7.7, or later. As a temporary workaround, consider restricting access to the 'nvidia-shield' component until a patch is available.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-170

Related Identifiers

AZL-55977

BDU:2025-03609

CVE-2024-26770

Affected Products

Linux Kernel

CVE-2024-26770

Weakness Enumeration

Related Identifiers

Affected Products

References · 25