CVE-2024-0841 : A null pointer dereference flaw was found in the hugetlbfs_fill

A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

Published 2024-01-28 12:15:53

Updated 2024-10-16 15:15:15

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2024-0841

Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.212
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.1.79
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.1 and before (<) 5.4.271
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.6.18
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.7.6
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.15.151
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-0841

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 1 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-0841

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2024-02-02
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
6.6	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H	1.8	4.7	Red Hat, Inc.	2024-01-28
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: High

CWE ids for CVE-2024-0841

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.
Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)

References for CVE-2024-0841

https://access.redhat.com/errata/RHSA-2024:2950

RHSA-2024:2950 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2024:3138

RHSA-2024:3138 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=2256490

2256490 – (CVE-2024-0841) CVE-2024-0841 kernel: hugetlbfs: Null pointer dereference in hugetlbfs_fill_super function
Issue Tracking
https://access.redhat.com/security/cve/CVE-2024-0841

CVE-2024-0841- Red Hat Customer Portal
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2394

RHSA-2024:2394 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

[SECURITY] [DLA 3842-1] linux-5.10 security update
Issue Tracking;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2024-0841

Products affected by CVE-2024-0841

Exploit prediction scoring system (EPSS) score for CVE-2024-0841

CVSS scores for CVE-2024-0841

CWE ids for CVE-2024-0841

References for CVE-2024-0841