CVE-2024-43906

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 26, 2024
Updated: Aug 27, 2024
CWE ID 476

Summary

CVE-2024-43906 is a medium-severity vulnerability in the Linux kernel affecting various products, including Qtrc2o, ohMfk4, and multiple others. The issue arises from a null pointer dereference that occurs when user space sets an invalid type attribute, leading to potential crashes or service disruptions. To remediate this vulnerability, users should apply the relevant patches released by the Linux kernel maintainers. The attack vector is local and requires low privileges, but if exploited, it could result in high availability impact without affecting confidentiality or integrity. Organizations using affected products should prioritize applying updates to mitigate potential risks associated with this vulnerability.
