CVE-2024-43822

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-43822
In the Linux kernel, the following vulnerability has been resolved: ASoc: PCM6240: Return directly after a failed devm_kzalloc() in pcmdevice_i2c_probe() The value “-ENOMEM” was assigned to the local variable “ret” in one if branch after a devm_kzalloc() call failed at the beginning. This error code will trigger then a pcmdevice_remove() call with a passed null pointer so that an undesirable dereference will be performed. Thus return the appropriate error code directly.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/3722873d49a1788d5420894d4f6f63e35f5c1f13 Patch
https://git.kernel.org/stable/c/fa6f16eff7320c91e908309e31be34cbbe4b7e58 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

03 Sep 2024, 17:49

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/3722873d49a1788d5420894d4f6f63e35f5c1f13 - () https://git.kernel.org/stable/c/3722873d49a1788d5420894d4f6f63e35f5c1f13 - Patch
References () https://git.kernel.org/stable/c/fa6f16eff7320c91e908309e31be34cbbe4b7e58 - () https://git.kernel.org/stable/c/fa6f16eff7320c91e908309e31be34cbbe4b7e58 - Patch
First Time Linux
Linux linux Kernel
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CWE CWE-476
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5

19 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ASoc: PCM6240: Retorno directamente después de un devm_kzalloc() fallido en pcmdevice_i2c_probe() Se asignó el valor “-ENOMEM” a la variable local “ret” en una rama if después de un devm_kzalloc () la llamada falló al principio. Este código de error activará una llamada pcmdevice_remove() con un puntero nulo pasado, de modo que se realizará una desreferencia no deseada. Por lo tanto, devuelva el código de error apropiado directamente.

17 Aug 2024, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-17 10:15

Updated : 2024-09-03 17:49

NVD link : CVE-2024-43822

Mitre link : CVE-2024-43822

CVE.ORG link : CVE-2024-43822

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024