CVE-2024-41055: mm: prevent derefencing NULL ptr in pfn_section_valid()
In the Linux kernel, the following vulnerability has been resolved:
mm: prevent derefencing NULL ptr in pfn_section_valid()
Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" to fix a race with section_deactivate() where ms->usage can be cleared. The READ_ONCE() call, by itself, is not enough to prevent NULL pointer dereference. We need to check its value before dereferencing it.
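A userspace C model of the pattern described above, added here as an illustration and not taken from the kernel source or the patch. The types `usage_model` and `section_model` and both function names are hypothetical, and `READ_ONCE` is redefined as a single volatile load.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's READ_ONCE(): exactly one volatile load. */
#define READ_ONCE(x) (*(volatile __typeof__(x) *)&(x))

/* Hypothetical, simplified models of the kernel structures. */
struct usage_model {
    unsigned long subsection_map;   /* one bit per subsection */
};

struct section_model {
    struct usage_model *usage;      /* may be cleared by a concurrent teardown */
};

/* Before: the pointer is loaded once, but a NULL snapshot is still dereferenced. */
static int section_valid_unchecked(struct section_model *ms, unsigned int idx)
{
    return (int)((READ_ONCE(ms->usage)->subsection_map >> idx) & 1UL);
}

/* After: snapshot the pointer once, test it, and use only the snapshot. */
static int section_valid_checked(struct section_model *ms, unsigned int idx)
{
    struct usage_model *usage = READ_ONCE(ms->usage);

    return usage ? (int)((usage->subsection_map >> idx) & 1UL) : 0;
}

int main(void)
{
    struct usage_model u = { .subsection_map = 1UL << 3 };  /* constructed sample */
    struct section_model live = { .usage = &u };
    struct section_model torn_down = { .usage = NULL };     /* models a cleared ms->usage */

    printf("live, bit 3 (unchecked): %d\n", section_valid_unchecked(&live, 3));
    printf("live, bit 3 (checked):   %d\n", section_valid_checked(&live, 3));
    printf("live, bit 4 (checked):   %d\n", section_valid_checked(&live, 4));
    printf("torn down   (checked):   %d\n", section_valid_checked(&torn_down, 3));
    /* section_valid_unchecked(&torn_down, 3) would fault on the NULL snapshot. */
    return 0;
}
```

The checked form reads `ms->usage` only once; testing the field and then re-reading it for the dereference would reopen the window the single load is meant to close.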
Other sources
Linux Kernel is vulnerable to a denial of service, caused by Null pointer dereference in mmzone.h. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Frequently Asked Questions
What is the severity of CVE-2024-41055?
CVE-2024-41055 is classified as a medium severity vulnerability affecting the Linux kernel.
How do I fix CVE-2024-41055?
To fix CVE-2024-41055, update the Linux kernel to a version higher than 5.10.222, 5.15.163, 6.1.100, 6.6.41, or 6.9.10, depending on the kernel series in use.
What versions of Linux kernel are affected by CVE-2024-41055?
CVE-2024-41055 affects various versions of the Linux kernel prior to 5.10.223, 5.15.163, 6.1.100, and others depending on the distribution.
Is there a patch available for CVE-2024-41055?
Yes, patches for CVE-2024-41055 are available in the updated kernel releases from Red Hat and Debian.
What is the nature of CVE-2024-41055 vulnerability?
CVE-2024-41055 involves a potential null pointer dereference in the Linux kernel's pfn_section_valid() function, which could lead to system instability.