CVE-2024-46769

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-46769
In the Linux kernel, the following vulnerability has been resolved: spi: intel: Add check devm_kasprintf() returned value intel_spi_populate_chip() use devm_kasprintf() to set pdata->name. This can return a NULL pointer on failure but this returned value is not checked.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/2920294686ec23211637998f3ec386dfd3d784a6 Patch
https://git.kernel.org/stable/c/6e68abdc5d674f9f4185bf1e1956368d05df4838 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*
History

30 Sep 2024, 12:44

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-476
References () https://git.kernel.org/stable/c/2920294686ec23211637998f3ec386dfd3d784a6 - () https://git.kernel.org/stable/c/2920294686ec23211637998f3ec386dfd3d784a6 - Patch
References () https://git.kernel.org/stable/c/6e68abdc5d674f9f4185bf1e1956368d05df4838 - () https://git.kernel.org/stable/c/6e68abdc5d674f9f4185bf1e1956368d05df4838 - Patch

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: intel: Agregar comprobación del valor devuelto por devm_kasprintf() intel_spi_populate_chip() usa devm_kasprintf() para establecer pdata->name. Esto puede devolver un puntero NULL en caso de error, pero este valor devuelto no se comprueba.

18 Sep 2024, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-18 08:15

Updated : 2024-09-30 12:44

NVD link : CVE-2024-46769

Mitre link : CVE-2024-46769

CVE.ORG link : CVE-2024-46769

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024