Vulnerabilities > CVE-2024-47743 - NULL Pointer Dereference vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: KEYS: prevent NULL pointer dereference in find_asymmetric_key() In find_asymmetric_key(), if all NULLs are passed in the id_{0,1,2} arguments, the kernel will first emit WARN but then have an oops because id_2 gets dereferenced anyway. Add the missing id_2 check and move WARN_ON() to the final else branch to avoid duplicate NULL checks. Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/3322fa8f2aa40b0b3651034cd541647a600cc6c0
- https://git.kernel.org/stable/c/a3765b497a4f5224cb2f7a6a2d3357d3066214ee
- https://git.kernel.org/stable/c/13b5b401ead95b5d8266f64904086c55b6024900
- https://git.kernel.org/stable/c/0d3b0706ada15c333e6f9faf19590ff715e45d1e
- https://git.kernel.org/stable/c/70fd1966c93bf3bfe3fe6d753eb3d83a76597eef