Login Sign Up

CVE-2024-45028

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's MMC (MultiMediaCard) test module. When the kernel fails to allocate high memory pages during MMC testing, it attempts to free a NULL pointer, causing a kernel panic or system crash. This affects Linux systems with the mmc_test module loaded, typically during development or testing scenarios.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches exist in stable kernel trees.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires mmc_test module to be loaded and memory allocation to fail during testing operations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

System crash or kernel panic when the mmc_test module is actively used with memory allocation failures.

🟢

If Mitigated

No impact if mmc_test module is not loaded or memory allocation succeeds normally.

🌐 Internet-Facing: LOW - Requires local access or kernel module interaction, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Could be triggered by privileged users or automated testing tools on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger mmc_test operations and cause memory allocation failures, typically needs local access and kernel module interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (see references for specific commits)

Vendor Advisory: https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from official distribution repositories. 2. Rebuild kernel if using custom kernel. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable mmc_test module

linux

Prevent loading of the vulnerable mmc_test kernel module

echo 'blacklist mmc_test' >> /etc/modprobe.d/blacklist.conf
rmmod mmc_test

🧯 If You Can't Patch

  • Ensure mmc_test module is not loaded in production systems
  • Monitor system logs for kernel panic events and memory allocation failures

🔍 How to Verify

Check if Vulnerable:

Check if mmc_test module is loaded: lsmod | grep mmc_test

Check Version:

uname -r

Verify Fix Applied:

Check kernel version after update and verify mmc_test module functions without crashes

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference errors in kernel logs
  • MMC test module failure logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "mmc_test")

📊 Metadata

CVE ID: CVE-2024-45028
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
Published: September 11, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-45028, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2019-20914 9.8

This vulnerability in GNU LibreDWG is a NULL pointer dereference that can cause application crashes ...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)