PT-2024-32789 · Linux+6 · Linux Kernel+6

Published

2024-10-21

·

Updated

2025-09-29

·

CVE-2024-47743

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58
Description A vulnerability in the Linux kernel has been resolved, which prevented a NULL pointer dereference in the find asymmetric key() function. If all NULLs are passed in the id {0,1,2} arguments, the kernel will first emit a warning but then have an oops because id 2 gets dereferenced anyway. The issue was found by the Linux Verification Center with the Svace static analysis tool.
Recommendations For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider adding the missing id 2 check and moving WARN ON() to the final else branch to avoid duplicate NULL checks in the find asymmetric key() function.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-14046
ALT-PU-2024-14268
AZL-50643
BDU:2025-03387
CVE-2024-47743
DLA-4008-1
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2325
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu