PT-2024-31316 · Linux+6 · Linux Kernel+6

Syzbot

·

Published

2024-04-11

·

Updated

2026-05-26

·

CVE-2024-44939

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50
Description A null pointer dereference vulnerability has been resolved in the Linux kernel. The issue occurs in the dtInsertEntry() function when the pointer h has the same value as p, causing the p->header.flag to be cleared after writing the name in UniStrncpy to le(). This leads to entering an incorrect branch and accessing the uninitialized object ih when judging the condition for the second time. The vulnerability can cause a general protection fault, probably for a non-canonical address.
Recommendations To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider restricting access to the dtInsertEntry() function until a patch is available. Additionally, ensure that the freelist is checked before calling dtInsert() to prevent the null pointer dereference.

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13260
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-49075
BDU:2025-03153
CVE-2024-44939
DLA-4008-1
DSA-5782-1
MGASA-2024-0309
MGASA-2024-0310
OESA-2024-2154
OESA-2024-2182
OESA-2024-2183
OESA-2024-2218
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7196-1
USN-7774-1
USN-7774-2
USN-7774-3
USN-7774-4
USN-7774-5
USN-7775-1
USN-7775-2
USN-7775-3
USN-7776-1

Affected Products

Alt Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu