CVE-2024-53222

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc6+

Description A NULL pointer dereference vulnerability has been resolved in the Linux kernel. The issue occurs in the zram component, specifically in the comp algorithm show() function. This vulnerability can be triggered when a user accesses the zram device through sysfs after device add disk() has been called, but before comp algorithm set() has been invoked. The zram->comp algs[ZRAM PRIMARY COMP] can be NULL in zram add() if comp algorithm set() has not been called, leading to a NULL pointer dereference.

The vulnerability was reported by LTP, which detected a NULL pointer dereference. The call trace includes functions such as pi strcmp(), comp algorithm show(), dev attr show(), and sysfs kf seq show().

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, update to a version later than 6.12.0-rc6+.

As a temporary workaround, consider restricting access to the zram device through sysfs until the update can be applied. This can help minimize the risk of exploitation.

Note: The exact version that includes the fix is not specified, so it is recommended to update to the latest available version of the Linux kernel.