CVE-2024-37021

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37

Description The current implementation of the fpga manager in the Linux kernel assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcount. This approach can lead to a null pointer dereference while attempting to get the manager if the parent device does not have a driver. To address this problem, a module owner pointer is added to the fpga manager struct and used to take the module's refcount. The functions for registering the manager are modified to take an additional owner module parameter and renamed to avoid conflicts.

Recommendations Update to Linux kernel version 6.6.37 or later to resolve the issue. As a temporary workaround, consider restricting access to the fpga manager functions until the update is applied.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-56303

BDU:2025-03051

CVE-2024-37021

DLA-4076-1

MGASA-2024-0263

MGASA-2024-0266

OESA-2025-1095

OESA-2025-1096

OESA-2025-1097

OPENSUSE-SU-2024_2372-1

OPENSUSE-SU-2024_2394-1

SUSE-SU-2024:2360-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2381-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2561-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7008-1

USN-7029-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2024-37021

Weakness Enumeration

Related Identifiers

Affected Products

References · 3096