CVE-2024-44939NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference34 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
LinuxLinux KernelDebian Linux+4 more
Timeline
PublishedAug 26
Latest updateDec 3

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 00

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

NVDlinux/linux_kernel6.76.10.6+1
Debianlinux/linux_kernel< 6.1.112-1+2
Ubuntulinux/linux_kernel< 5.15.0-156.166+1
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2f98bf80b20f4a930589cda48a35f751a64fe0dc2+5
debiandebian/linux< linux 6.1.112-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

16
OSV
linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlate2025-12-03
OSV
linux-nvidia-tegra-igx vulnerabilities2025-10-06
OSV
linux-kvm vulnerabilities2025-10-01
OSV
linux-azure-5.15 vulnerabilities2025-10-01
OSV
linux-azure vulnerabilities2025-09-26

📋Vendor Advisories

17
Ubuntu
Linux kernel (NVIDIA Tegra IGX) vulnerabilities2025-10-06
Ubuntu
Linux kernel (KVM) vulnerabilities2025-10-01
Ubuntu
Linux kernel (Azure) vulnerabilities2025-10-01
Ubuntu
Linux kernel (Azure) vulnerabilities2025-09-26
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-09-25