CVE-2024-42277

In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en() dom->sdev is equal to NULL, which leads to null dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8	Patch
https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922	Patch
https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb	Patch
https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c	Patch
https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

10 Sep 2024, 18:46

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux linux Kernel Linux
CWE		CWE-476
References	~~() https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8 -~~	() https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8 - Patch
References	~~() https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922 -~~	() https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922 - Patch
References	~~() https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb -~~	() https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb - Patch
References	~~() https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c -~~	() https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c - Patch
References	~~() https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb -~~	() https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb - Patch

19 Aug 2024, 12:59

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu: sprd: Evite la deref NULL en sprd_iommu_hw_en En sprd_iommu_cleanup() antes de llamar a la función sprd_iommu_hw_en() dom->sdev es igual a NULL, lo que conduce a una desreferencia nula. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE.

19 Aug 2024, 05:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922 -

17 Aug 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-17 09:15

Updated : 2024-09-10 18:46

NVD link : CVE-2024-42277

Mitre link : CVE-2024-42277

CVE.ORG link : CVE-2024-42277

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10