CVE-2024-53222
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Dec 27, 2024
Updated: Jan 8, 2025
CWE ID 476
Summary
CVE-2024-53222: A NULL pointer dereference vulnerability was identified in the Linux kernel's zram module. The dereference occurs in the comp_algorithm_show() function and was reported by LTP. A user can trigger it by accessing the zram device via sysfs before the device is fully initialized. Moving the comp_algorithm_set() initialization ahead of device_add_disk() eliminates this time window, ensuring the device is ready for user access and preventing the NULL pointer dereference.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX