CVE-2024-27053NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference47 documents8 sources
Severity
9.1CRITICALNVD
OSV7.0OSV6.5OSV5.5
EPSS
0.1%
top 68.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
LinuxLinux KernelDebian Linux+5 more
Timeline
PublishedMay 1
Latest updateJul 26

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: WARNING: suspicious RCU usage 6.7.0-rc1-wt+ #333 Not tainted drivers/net/wireless/microchip/wilc1000/hif.c:386 suspicious rcu_dereference_check() usage! [...] stack backtrace: CPU: 0 PID: 100 Comm: wpa_supplicant Not tainted 6.7.0-rc1-wt+ #333 Hardware name: Atmel SAMA5 unwind_b

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages9 packages

NVDlinux/linux_kernel5.15.4.273+6
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-189.209+2
CVEListV5linux/linuxc460495ee072fc01a9b1e8d72c179510418caface556006de4ea93abe2b46cba202a2556c544b8b2+8
debiandebian/linux< linux 6.1.85-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

22
OSV
linux-raspi vulnerabilities2024-07-26
OSV
linux-aws, linux-aws-5.4, linux-iot vulnerabilities2024-07-23
OSV
linux-raspi, linux-raspi-5.4 vulnerabilities2024-07-19
OSV
linux-oracle, linux-xilinx-zynqmp vulnerabilities2024-07-17
OSV
linux-hwe-5.4, linux-oracle-5.4 vulnerabilities2024-07-16

📋Vendor Advisories

23
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel vulnerabilities2024-07-23
Ubuntu
Linux kernel vulnerabilities2024-07-19
Ubuntu
Linux kernel vulnerabilities2024-07-17
Ubuntu
Linux kernel vulnerabilities2024-07-16

💬Community

1
Bugzilla
CVE-2024-27053 kernel: wifi: wilc1000: fix RCU usage in connect path2024-05-01
CVE-2024-27053 — NULL Pointer Dereference in Linux | cvebase