CVE-2024-46721

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.8.0-24-generic #24 and earlier

Description A NULL pointer dereference vulnerability has been resolved in the Linux kernel. The issue occurs when the profile->parent->dents[AAFS PROF DIR] pointer is NULL, which can happen if its parent is made from create missing ancestors() and 'ent->old' is NULL in aa replace profiles(). This vulnerability can cause a kernel NULL pointer dereference.

Recommendations To resolve this issue, update the Linux kernel to a version later than 6.8.0-24-generic #24. As a temporary workaround, consider disabling the aafs create.constprop.0() function until a patch is available. Restrict access to the vulnerable aa replace profiles() function to minimize the risk of exploitation. Avoid using the profile->parent->dents[AAFS PROF DIR] pointer in the affected API endpoint until the issue is resolved.