CVE-2024-47743 in Linux
Summary
by MITRE • 10/21/2024
In the Linux kernel, the following vulnerability has been resolved:
KEYS: prevent NULL pointer dereference in find_asymmetric_key()
In find_asymmetric_key(), if all NULLs are passed in the id_{0,1,2} arguments, the kernel will first emit WARN but then have an oops because id_2 gets dereferenced anyway.
Add the missing id_2 check and move WARN_ON() to the final else branch to avoid duplicate NULL checks.
Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool.
Analysis
by VulDB Data Team • 01/19/2026
CVE-2024-47743 describes a critical NULL pointer dereference in the Linux kernel's key management subsystem, specifically in the find_asymmetric_key() function. The flaw is one of inadequate input validation during asymmetric key lookup: the kernel does not validate all three identifier parameters before dereferencing them. A malformed set of parameters therefore ends in a kernel oops that terminates normal kernel operation, which makes this a classic flaw leading to system instability and potential privilege escalation.
Technically, the vulnerability comes from the handling of the three identifier arguments id_0, id_1 and id_2 within find_asymmetric_key(). When all three are NULL, the kernel first emits a warning through the WARN_ON() macro but then continues executing without further validation, and the final branch dereferences id_2 regardless of its NULL state. This is a common coding error pattern: a defensive check exists, but it does not stop execution, so the error-handling logic never prevents the dangerous operation from running. The issue is classified under CWE-476 (NULL pointer dereference) and represents an input validation failure that violates secure coding principles.
The operational impact extends beyond a single crash, since the resulting denial of service can persist until the system is rebooted. An attacker who can control the parameters passed to find_asymmetric_key() could trigger the condition through key management operations, destabilizing the kernel's memory management and key subsystem. The bug was found through static analysis by the Linux Verification Center using the Svace tool, which shows how effective automated analysis is at surfacing subtle but critical flaws in kernel code and underlines the need for thorough testing and verification in security-critical systems. The flaw also relates to ATT&CK technique T1068, which covers exploiting weaknesses in system design to gain elevated privileges or cause system instability.
The mitigation is proper input validation: all three identifier parameters are checked before any dereference occurs, so the kernel's error-handling logic blocks every path that could dereference NULL. Concretely, the fix adds the missing id_2 check and restructures the conditional so that WARN_ON() sits in the final else branch, which removes the duplicate NULL checks and guarantees that each code path validates its input. This follows secure coding best practices aligned with industry standards for kernel security and is a defensive programming solution that keeps execution from ever reaching the dangerous operation. It also reinforces the principle that security-critical functions must validate all inputs before processing, particularly in cryptographic and key management subsystems, where malformed inputs can have severe operational consequences.
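To make the commit description concrete, the following is a constructed userspace C model (an added example, not the kernel's code) of the two shapes of the selection logic the commit message describes: the pre-fix version warns and then dereferences id_2 anyway, while the fixed version gives id_2 its own branch and makes the final else the only place that warns. struct key_id, the WARN_ON macro and the select_id_* functions are stand-ins chosen for this example, not kernel identifiers.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed userspace stand-in for the kernel's struct asymmetric_key_id. */
struct key_id { unsigned short len; const unsigned char *data; };

/* Stand-in for WARN_ON(): counts warnings instead of printing a kernel backtrace. */
static int warn_count;
#define WARN_ON(cond) do { if (cond) { warn_count++; fprintf(stderr, "WARNING: %s\n", #cond); } } while (0)

/* Pre-fix shape: warns when all ids are NULL, then dereferences id_2 anyway (oops if all are NULL). */
static const unsigned char *select_id_vulnerable(const struct key_id *id_0,
        const struct key_id *id_1, const struct key_id *id_2, unsigned short *len)
{
    WARN_ON(!id_0 && !id_1 && !id_2);
    if (id_0) { *len = id_0->len; return id_0->data; }
    if (id_1) { *len = id_1->len; return id_1->data; }
    *len = id_2->len;                /* NULL pointer dereference when id_2 is NULL */
    return id_2->data;
}

/* Post-fix shape: id_2 gets its own branch; the final else warns once and returns -EINVAL. */
static int select_id_fixed(const struct key_id *id_0, const struct key_id *id_1,
        const struct key_id *id_2, const unsigned char **data, unsigned short *len)
{
    if (id_0) {
        *data = id_0->data; *len = id_0->len;
    } else if (id_1) {
        *data = id_1->data; *len = id_1->len;
    } else if (id_2) {
        *data = id_2->data; *len = id_2->len;
    } else {
        WARN_ON(1);                  /* only reached when all three ids are NULL */
        return -EINVAL;
    }
    return 0;
}

int main(void)
{
    const unsigned char raw[] = { 0xde, 0xad, 0xbe, 0xef };  /* constructed key id bytes */
    struct key_id id = { sizeof raw, raw };
    const unsigned char *data = NULL; unsigned short len = 0;
    int rc = select_id_fixed(NULL, NULL, &id, &data, &len);
    printf("only id_2 set: rc=%d len=%u\n", rc, (unsigned)len);
    rc = select_id_fixed(NULL, NULL, NULL, &data, &len);
    printf("all NULL: rc=%d warnings=%d\n", rc, warn_count);
    return 0;
}
```

Calling select_id_vulnerable() with three NULL arguments reproduces the described behaviour (warning followed by a crash), which is why main() only exercises the fixed variant.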