{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41055", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.627Z", "datePublished": "2024-07-29T14:32:10.672Z", "dateUpdated": "2025-05-04T12:57:33.295Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:57:33.295Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section->usage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms->usage\" to fix a race with section_deactivate() where\nms->usage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/mmzone.h"], "versions": [{"version": "90ad17575d26874287271127d43ef3c2af876cea", "lessThan": "0100aeb8a12d51950418e685f879cc80cb8e5982", "status": "affected", "versionType": "git"}, {"version": "b448de2459b6d62a53892487ab18b7d823ff0529", "lessThan": "bc17f2377818dca643a74499c3f5333500c90503", "status": "affected", "versionType": "git"}, {"version": "68ed9e33324021e9d6b798e9db00ca3093d2012a", "lessThan": "941e816185661bf2b44b488565d09444ae316509", "status": "affected", "versionType": "git"}, {"version": "70064241f2229f7ba7b9599a98f68d9142e81a97", "lessThan": "797323d1cf92d09b7a017cfec576d9babf99cde7", "status": "affected", "versionType": "git"}, {"version": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800", "lessThan": "adccdf702b4ea913ded5ff512239e382d7473b63", "status": "affected", "versionType": "git"}, {"version": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800", "lessThan": "82f0b6f041fad768c28b4ad05a683065412c226e", "status": "affected", "versionType": "git"}, {"version": "3a01daace71b521563c38bbbf874e14c3e58adb7", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/mmzone.h"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.222", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.100", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.41", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.210", "versionEndExcluding": "5.10.222"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.149", "versionEndExcluding": "5.15.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.76", "versionEndExcluding": "6.1.100"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.15", "versionEndExcluding": "6.6.41"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.9.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982"}, {"url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503"}, {"url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509"}, {"url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7"}, {"url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63"}, {"url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e"}], "title": "mm: prevent derefencing NULL ptr in pfn_section_valid()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.647Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41055", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:22:28.194623Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:01.312Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.647Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41055", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:22:28.194623Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.094Z"}}], "cna": {"title": "mm: prevent derefencing NULL ptr in pfn_section_valid()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "90ad17575d26", "lessThan": "0100aeb8a12d", "versionType": "git"}, {"status": "affected", "version": "b448de2459b6", "lessThan": "bc17f2377818", "versionType": "git"}, {"status": "affected", "version": "68ed9e333240", "lessThan": "941e81618566", "versionType": "git"}, {"status": "affected", "version": "70064241f222", "lessThan": "797323d1cf92", "versionType": "git"}, {"status": "affected", "version": "5ec8e8ea8b77", "lessThan": "adccdf702b4e", "versionType": "git"}, {"status": "affected", "version": "5ec8e8ea8b77", "lessThan": "82f0b6f041fa", "versionType": "git"}], "programFiles": ["include/linux/mmzone.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.8"}, {"status": "unaffected", "version": "0", "lessThan": "6.8", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.222", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.163", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.100", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.41", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.10", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["include/linux/mmzone.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982"}, {"url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503"}, {"url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509"}, {"url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7"}, {"url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63"}, {"url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section->usage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms->usage\" to fix a race with section_deactivate() where\nms->usage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T14:32:10.672Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41055", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:01.312Z", "dateReserved": "2024-07-12T12:17:45.627Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T14:32:10.672Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "138634FF-1840-4C45-8CDE-6174B6F50352", "versionEndExcluding": "5.10.222", "versionStartIncluding": "5.10.219", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0720413E-F29A-4C0A-9B57-5158A778C4A2", "versionEndExcluding": "5.15.163", "versionStartIncluding": "5.15.149", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BFB68AD-DB7E-4C4C-B598-274D83D12C4B", "versionEndExcluding": "6.1.100", "versionStartIncluding": "6.1.76", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D8E9231-015C-48A6-BBDD-9DCEA3145858", "versionEndExcluding": "6.6.41", "versionStartIncluding": "6.6.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FAC1A24-181A-4DB7-801D-4BDF1B4E4116", "versionEndExcluding": "6.9.10", "versionStartIncluding": "6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section->usage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms->usage\" to fix a race with section_deactivate() where\nms->usage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: evita la eliminaci\u00f3n de la referencia NULL ptr en pfn_section_valid() La confirmaci\u00f3n 5ec8e8ea8b77 (\"mm/sparsemem: corrige la ejecuci\u00f3n al acceder a la secci\u00f3n_memoria->uso\") cambi\u00f3 pfn_section_valid() para agregar un READ_ONCE() llame a \"ms->usage\" para arreglar una ejecuci\u00f3n con section_deactivate() donde se puede borrar ms->usage. La llamada READ_ONCE(), por s\u00ed sola, no es suficiente para evitar la desreferencia al puntero NULL. Necesitamos comprobar su valor antes de desreferenciarlo."}], "id": "CVE-2024-41055", "lastModified": "2024-11-21T09:32:09.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T15:15:13.620", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6567", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.35.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6567", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.35.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6991", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "kernel-0:5.14.0-70.117.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6990", "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.117.1.rt21.189.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:8613", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.90.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8614", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-30T00:00:00Z"}], "bugzilla": {"description": "kernel: mm: prevent derefencing NULL ptr in pfn_section_valid()", "id": "2300429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300429"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmm: prevent derefencing NULL ptr in pfn_section_valid()\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section->usage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms->usage\" to fix a race with section_deactivate() where\nms->usage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it."], "name": "CVE-2024-41055", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41055\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41055\nhttps://lore.kernel.org/linux-cve-announce/2024072928-CVE-2024-41055-5764@gregkh/T"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.", "threat_severity": "Moderate"}

{}