CVE-2024-47749

low-risk

Published 2024-10-21

In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Added NULL check for lookup_atid The lookup_atid() function can return NULL if the ATID is invalid or does not exist in the identifier table, which could lead to dereferencing a null pointer without a check in the `act_establish()` and `act_open_rpl()` functions. Add a NULL check to prevent null pointer dereferencing. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (11)

Patch https://git.kernel.org/stable/c/0d50ae281a1712b9b2ca72830a96b8f11882358d

Patch https://git.kernel.org/stable/c/39cb9f39913566ec5865581135f3e8123ad1aee1

https://git.kernel.org/stable/c/4e1fe68d695af367506ea3c794c5969630f21697

Patch https://git.kernel.org/stable/c/54aaa3ed40972511e423b604324b881425b9ff1e

Patch https://git.kernel.org/stable/c/b11318dc8a1ec565300bb1a9073095af817cc508

https://git.kernel.org/stable/c/b12e25d91c7f97958341538c7dc63ee49d01548f

Patch https://git.kernel.org/stable/c/b9c94c8ba5a713817cffd74c4bacc05187469624

Patch https://git.kernel.org/stable/c/dd598ac57dcae796cb58551074660c39b43fb155

Patch https://git.kernel.org/stable/c/e766e6a92410ca269161de059fff0843b8ddd65f

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal