CVE-2024-38547

5.5 MEDIUM

📋 TL;DR

A null-pointer dereference vulnerability in the Linux kernel's atomisp media subsystem allows local attackers to cause a kernel panic (denial of service) or potentially execute arbitrary code. This affects systems using Intel Atom image signal processors with the affected kernel versions. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:
  • Linux kernel with atomisp media subsystem enabled
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if CONFIG_VIDEO_ATOMISP is enabled and Intel Atom ISP hardware is present.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.

🟠

Likely Case

Kernel panic causing system crash and denial of service.

🟢

If Mitigated

Limited to denial of service if kernel protections like KASLR and SMAP are enabled.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this to cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of triggering the specific media subsystem functions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commit 3b621e9e9e148c0928ab109ac3d4b81487469acb or later

Vendor Advisory: https://git.kernel.org/stable/c/3b621e9e9e148c0928ab109ac3d4b81487469acb

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable atomisp module

linux

Prevent loading of vulnerable kernel module

echo 'blacklist atomisp' >> /etc/modprobe.d/blacklist.conf
rmmod atomisp

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable configuration
  • Implement strict privilege separation and limit users who can access media subsystem functions

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the atomisp module is loaded: 'uname -r' and 'lsmod | grep atomisp'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and atomisp module loads without crashes during media operations
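
The checks above can be combined into one exposure classification. This is an added example, not part of the original advisory or the kernel project; the function names are hypothetical, and it assumes the distribution installs its kernel config as /boot/config-<release>.

```shell
#!/bin/sh
# Added example (not from the advisory): classify atomisp exposure on a host.
# Function names are hypothetical; file paths are parameters so the logic can
# be exercised against constructed files as well as a live system.

# Print y, m or n for CONFIG_VIDEO_ATOMISP in the given kernel config file.
atomisp_config_state() {
    state=$(sed -n 's/^CONFIG_VIDEO_ATOMISP=\([ym]\)$/\1/p' "$1" 2>/dev/null | head -n 1)
    echo "${state:-n}"   # missing file or "is not set" both count as n
}

# Succeed if a /proc/modules-format file lists atomisp as a loaded module.
atomisp_loaded() {
    awk '$1 == "atomisp" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# Succeed if a modprobe.d directory has a blacklist or install rule for atomisp.
atomisp_blocked() {
    grep -Eqs '^[[:space:]]*(blacklist|install)[[:space:]]+atomisp([[:space:]]|$)' "$1"/*.conf
}

# Print one of: loaded, built-in, module-loadable, module-blocked, not-built.
atomisp_exposure() {
    cfg=$1; mods=$2; mpdir=$3
    if atomisp_loaded "$mods"; then
        echo "loaded"            # driver code is live right now
        return 0
    fi
    case $(atomisp_config_state "$cfg") in
        y) echo "built-in" ;;    # never shows in lsmod; a blacklist has no effect
        m) if atomisp_blocked "$mpdir"; then
               echo "module-blocked"
           else
               echo "module-loadable"
           fi ;;
        *) echo "not-built" ;;
    esac
}

# Live check. Assumes the distribution installs its config as /boot/config-<release>.
atomisp_exposure "/boot/config-$(uname -r)" /proc/modules /etc/modprobe.d
```

A `blacklist` line only stops alias-based autoloading, so an explicit `modprobe atomisp` by root still loads the module; an `install atomisp /bin/false` rule blocks that as well.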

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • NULL pointer dereference errors in dmesg
  • System crash/reboot events

Network Indicators:

  • None - local exploitation only

SIEM Query:

Search for kernel panic events or NULL pointer dereference in system logs
