PT-2024-33986 · Linux+8 · Linux Kernel+8
Wang Hai
·
Published
2024-11-07
·
Updated
2025-10-03
·
CVE-2024-50153
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.61
Description:
A null-ptr-deref issue was reported by KASAN in the Linux kernel, specifically in the
target alloc device() function. This issue occurs when memory allocation for device queues fails, and the device is freed by dev->transport->free device(), but dev->transport is not initialized at that time, leading to a null pointer reference problem. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.Recommendations:
For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider disabling the
target alloc device() function until a patch is available. Restrict access to the vulnerable target core mod module to minimize the risk of exploitation. Avoid using the dev->transport->free device() function in the affected code path until the issue is resolved.Exploit
Fix
Use After Free
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu