PT-2024-29250 · Linux+6 · Linux Kernel+6
Andreas Hindborg · Published 2024-06-03 · Updated 2025-09-29 · CVE-2024-41077
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.43
Description
The issue is in the null_blk module of the Linux kernel, where the block size validation is incorrect. The block size should be between 512 and PAGE_SIZE and be a power of 2. Without the patch, null_blk would result in a null pointer dereference when loaded with a block size of 1536.
Recommendations
Update to Linux kernel version 6.6.43 or later to resolve the issue.
As a temporary workaround, load null_blk only with block sizes that are a power of 2 between 512 and PAGE_SIZE, to minimize the risk of exploitation.
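One way to check module configuration against the block size rule in the description, as an added example that is not part of the original advisory or the kernel patch: it flags `bs=` values set for null_blk in modprobe.d-style option lines that are not a power of 2 between 512 and the page size. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit null_blk block size settings against the advisory's rule
# (power of 2, between 512 and PAGE_SIZE). Function names are hypothetical.

# Return 0 if $1 is a power of 2 in [512, $2], 1 otherwise. $2 is the page size.
bs_is_valid() {
    v_bs=$1; v_page=$2
    # Reject empty, non-numeric and zero-prefixed input before doing arithmetic.
    case $v_bs in ''|*[!0-9]*|0*) return 1 ;; esac
    [ "$v_bs" -ge 512 ] && [ "$v_bs" -le "$v_page" ] || return 1
    # A power of 2 has exactly one bit set, so bs & (bs - 1) is 0.
    [ $(( v_bs & (v_bs - 1) )) -eq 0 ]
}

# Read modprobe.d-style text on stdin and print every bs= value configured
# for null_blk that fails the rule. $1 is the page size.
find_bad_bs() {
    f_page=$1
    while read -r kw mod rest; do
        [ "$kw" = options ] && [ "$mod" = null_blk ] || continue
        for opt in $rest; do
            case $opt in
                bs=*) bs_is_valid "${opt#bs=}" "$f_page" || echo "${opt#bs=}" ;;
            esac
        done
    done
}

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF='# constructed sample
options null_blk nr_devices=1 bs=1536
options null_blk bs=4096
options loop max_loop=8
options null_blk bs=256 gb=1'

# Report the offending values in the sample, assuming a 4096-byte page.
printf '%s\n' "$SAMPLE_CONF" | find_bad_bs 4096
```

On a real host, feed it the files under /etc/modprobe.d and pass the output of `getconf PAGESIZE` as the page size.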
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu