DEBIAN-CVE-2024-46739

DEBIAN-CVE-2024-46739 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. This pointer is valid only for the secondary channels. Also, rescind callback is meant for primary channels only. Fix NULL pointer dereference by retrieving the device_obj from the parent for the primary channel.

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, 0
Debian:14	linux	0, 0
Debian:12	linux	6.1.99-1, *, 0
Debian:11	linux	5.10.179-2, 5.10.179-3, 5.10.179-4
Debian:11	linux-6.1	0, 6.1.106-3~deb11u1, 6.1.112-1~deb11u1

Timeline

Sep 18, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-46739 advisory

Open in Interactive Console →