CVE-2024-46739

uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

For primary VM Bus channels, primary_channel pointer is always NULL. This
pointer is valid only for the secondary channels. Also, rescind callback
is meant for primary channels only.

Fix NULL pointer dereference by retrieving the device_obj from the parent
for the primary channel.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-11 CVE Reserved
2024-09-18 CVE Published
2024-09-21 EPSS Updated
2024-11-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/ca3cda6fcf1e922213a0cc58e708ffb999151db3	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e	2024-09-12
https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4	2024-09-12
https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c	2024-09-12
https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c	2024-09-12
https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc	2024-09-12
https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99	2024-09-12
https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b	2024-09-12
https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e	2024-09-03

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 4.19.322 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 4.19.322"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.4.284 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.4.284"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.10.226 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.10.226"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.15.167 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.15.167"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.1.110 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.1.110"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.6.51 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.6.51"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.10.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.10.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.11"		en		Affected