Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function
CVE-2024-0841

6.6MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Vendor
CVE Published:
28 January 2024

What is CVE-2024-0841?

The null pointer dereference flaw arises in the hugetlbfs_fill_super function within the Linux kernel's HugeTLB pages functionality. This vulnerability may enable a local user to cause a system crash or gain elevated privileges, significantly impacting system stability and security. Software deployments utilizing the affected HugeTLB mechanisms require immediate attention to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Red Hat Enterprise Linux 8 0:4.18.0-553.rt7.342.el8_10

Red Hat Enterprise Linux 8 0:4.18.0-553.el8_10

Red Hat Enterprise Linux 9 0:5.14.0-427.13.1.el9_4

References

https://access.redhat.com/errata/RHSA-2024:2394
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2950
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3138
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2024-0841 : Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function