CVE-2024-0841

A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

Published: Jan 28, 2024
Updated: Feb 3, 2024
CVE: CVE-2024-0841
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x
linux / linux_kernel	6.7	6.7.6
linux / linux_kernel	6.2	6.6.18
linux / linux_kernel	5.16	6.1.79
linux / linux_kernel	5.11	5.15.151
linux / linux_kernel	5.5	5.10.212
linux / linux_kernel	5.1	5.4.271

https://access.redhat.com/errata/RHSA-2024:2394
https://access.redhat.com/errata/RHSA-2024:2950
https://access.redhat.com/errata/RHSA-2024:3138
https://access.redhat.com/security/cve/CVE-2024-0841
https://bugzilla.redhat.com/show_bug.cgi?id=2256490
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Vulnerability Database

289,599

CVE-2024-0841