← Back

CVE-2024-0841

nvd nist
Published: Jan 28, 2024Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

Affected (8)

Linux
1 product
Linux Kernel
Redhat
1 product
Enterprise Linux
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 5.1 to 5.4.271
Linux Kernel
From 5.11 to 5.15.151
Linux Kernel
From 5.16 to 6.1.79
Linux Kernel
From 5.5 to 5.10.212
Linux Kernel
From 6.2 to 6.6.18
Linux Kernel
From 6.7 to 6.7.6
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 8.0
Enterprise Linux
Version 9.0

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (11)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.