PT-2024-3350 · Linux+5 · Linux Kernel+5

Kim Phillips

·

Published

2024-02-02

·

Updated

2025-01-07

·

CVE-2024-26695

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-rc1+ #311
Description The vulnerability is related to a null pointer dereference in the sev platform shutdown locked function. This issue can be triggered when the SEV platform device is shut down with a null psp master, for example, using DEBUG TEST DRIVER REMOVE. The vulnerability was found using KASAN (Kernel Address Sanitizer).
Technical details about exploitation include:
  • Function Name: sev platform shutdown locked
  • Vulnerable Parameter or Variable: psp master
Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the null pointer dereference in sev platform shutdown locked. Specifically, versions 6.8.0-rc1+ #311 and later should include this fix.
As a temporary workaround, consider disabling the sev platform shutdown locked function until a patch is available. However, this may have unintended consequences on system functionality and should be approached with caution.
For versions prior to the fixed version, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2024-03622
CVE-2024-26695
DLA-3842-1
DSA-5658-1
DSA-5681-1
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1332-1
OPENSUSE-SU-2024_1332-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
OPENSUSE-SU-2024_1490-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1490-1
USN-6766-1
USN-6766-2
USN-6766-3
USN-6795-1
USN-6828-1
USN-6895-1
USN-6895-2
USN-6895-3
USN-6895-4
USN-6900-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu