PT-2024-32741 · Linux+4 · Linux Kernel+4

Jinjie Ruan · Published 2024-08-12 · Updated 2025-04-01 · CVE-2024-47688

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.58

Description

A potential null-ptr-deref issue has been resolved in the Linux kernel's driver core. The issue occurs when kasprintf() fails in module_add_driver(), causing a null pointer dereference in kernfs_name_hash() due to strlen() being called with a NULL driver_name. This can lead to a kernel panic. The issue is fixed by releasing resources based on the exit path sequence.

Recommendations

To resolve this issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider disabling the module_add_driver() function until a patch is available. Restrict access to the vulnerable of-fpga-region module to minimize the risk of exploitation. Avoid using the driver_name parameter in the affected sysfs_remove_link() API endpoint until the issue is resolved.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

AZL-50895
BDU:2025-03415
CVE-2024-47688
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2367
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1

Affected Products

Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu