Vulnerabilities > CVE-2024-26878 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference P1 P2 dquot_free_inode quota_off drop_dquot_ref remove_dquot_ref dquots = i_dquot(inode) dquots = i_dquot(inode) srcu_read_lock dquots[cnt]) != NULL (1) dquots[type] = NULL (2) spin_lock(&dquots[cnt]->dq_dqb_lock) (3) .... If dquot_free_inode(or other routines) checks inode's quota pointers (1) before quota_off sets it to NULL(2) and use it (3) after that, NULL pointer dereference will be triggered. So let's fix it by using a temporary pointer to avoid this issue.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25
- https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25
- https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5
- https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5
- https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0
- https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0
- https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0
- https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0
- https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877
- https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877
- https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754
- https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754
- https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1
- https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1
- https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f
- https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f
- https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7
- https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html