CVE-2024-39470

low-risk

Published 2024-06-25

In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events() In function eventfs_find_events,there is a potential null pointer that may be caused by calling update_events_attr which will perform some operations on the members of the ei struct when ei is NULL. Hence,When ei->is_freed is set,return NULL directly.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (6)

Patch https://git.kernel.org/stable/c/5ade5fbdbbb1f023bb70730ba4d74146c8bc7eb9

Patch https://git.kernel.org/stable/c/7a1b2d138189375ed1dcd7d0851118230221bd1d

Patch https://git.kernel.org/stable/c/d4e9a968738bf66d3bb852dd5588d4c7afd6d7f4

Patch https://git.kernel.org/stable/c/5ade5fbdbbb1f023bb70730ba4d74146c8bc7eb9

Patch https://git.kernel.org/stable/c/7a1b2d138189375ed1dcd7d0851118230221bd1d

Patch https://git.kernel.org/stable/c/d4e9a968738bf66d3bb852dd5588d4c7afd6d7f4

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal