Linux Kernel Vulnerability in HyperV Utility Driver
CVE-2024-55916

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 January 2025

Summary

A race condition in the HyperV Utility Driver of the Linux kernel could cause a NULL pointer dereference if the KVP (or VSS) daemon initiates before the VMBus channel's ringbuffer is completely initialized. This situation arises when the KVP daemon opens the device file immediately upon creation, potentially leading to system instability. The vulnerability has been mitigated by adjusting the initialization sequence to ensure that the character device entry is only created after the channel has been fully opened, preventing the race condition and associated panic.

Affected Version(s)

Linux e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c

Linux e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c < 042253c57be901bfd19f15b68267442b70f510d5

References

https://git.kernel.org/stable/c/f091a224a2c82f1e302b1768d...

https://git.kernel.org/stable/c/d81f4e73aff9b861671df60e5...

https://git.kernel.org/stable/c/042253c57be901bfd19f15b68...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 9, 2025