CVE-2024-46739

MEDIUM

Linux Kernel 4.16-6.10.10 - NULL Pointer Dereference in uio_hv_generic

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. This pointer is valid only for the secondary channels. Also, rescind callback is meant for primary channels only. Fix NULL pointer dereference by retrieving the device_obj from the parent for the primary channel.

References (10)

Core 10
Core References

Scores

CVSS v3 5.5
EPSS 0.0027
EPSS Percentile 19.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (27)
linux/Kernel 4.16.0 - 4.19.322linux
linux/Kernel 4.20.0 - 5.4.284linux
linux/Kernel 5.11.0 - 5.15.167linux
linux/Kernel 5.16.0 - 6.1.110linux
linux/Kernel 5.5.0 - 5.10.226linux
linux/Kernel 6.2.0 - 6.6.51linux
linux/Kernel 6.7.0 - 6.10.10linux
Linux/Linux < 4.16
Linux/Linux 4.16
Linux/Linux 4.19.322 - 4.19.*
... and 17 more
Published Sep 18, 2024
Tracked Since Feb 18, 2026