CVE-2024-24856

{"id": "CVE-2024-24856", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@openanolis.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 0.8}]}, "published": "2024-04-17T09:15:07.743", "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8764", "source": "security@openanolis.org"}, {"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8764", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@openanolis.org", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a\nsuccessful allocation, but the subsequent code directly dereferences the\npointer that receives it, which may lead to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null, \nreturn exception code AE_NO_MEMORY."}, {"lang": "es", "value": "La funci\u00f3n de asignaci\u00f3n de memoria ACPI_ALLOCATE_ZEROED no garantiza una asignaci\u00f3n exitosa, pero el c\u00f3digo posterior desreferencia directamente el puntero que la recibe, lo que puede provocar una desreferencia del puntero nulo. Para solucionar este problema, se debe agregar una verificaci\u00f3n de puntero nulo. Si es nulo, devuelve el c\u00f3digo de excepci\u00f3n AE_NO_MEMORY."}], "lastModified": "2024-11-21T08:59:51.540", "sourceIdentifier": "security@openanolis.org"}