CVE-2024-26975

powercap: intel_rapl: Fix a NULL pointer dereference

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

powercap: intel_rapl: Fix a NULL pointer dereference

A NULL pointer dereference is triggered when probing the MMIO RAPL
driver on platforms with CPU ID not listed in intel_rapl_common CPU
model list.

This is because the intel_rapl_common module still probes on such
platforms even if 'defaults_msr' is not set after commit 1488ac990ac8
("powercap: intel_rapl: Allow probing without CPUID match"). Thus the
MMIO RAPL rp->priv->defaults is NULL when registering to RAPL framework.

Fix the problem by adding sanity check to ensure rp->priv->rapl_defaults
is always valid.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powercap: intel_rapl: corrige una desreferencia de puntero NULL Se activa una desreferencia de puntero NULL al probar el controlador MMIO RAPL en plataformas con ID de CPU que no figuran en la lista de modelos de CPU intel_rapl_common. Esto se debe a que el módulo intel_rapl_common aún sondea en dichas plataformas incluso si 'defaults_msr' no está configurado después de confirmar 1488ac990ac8 ("powercap: intel_rapl: Permitir sondeo sin coincidencia de CPUID"). Por lo tanto, MMIO RAPL rp->priv->defaults es NULL cuando se registra en el marco RAPL. Solucione el problema agregando una verificación de cordura para garantizar que rp->priv->rapl_defaults siempre sea válido.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-05-01 CVE Published
2024-12-19 CVE Updated
2024-12-24 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/1488ac990ac886b1209aa9f94c0c66022bcc8827	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0641908b906a133f1494c312a71f9fecbe2b6c78	2024-04-03
https://git.kernel.org/stable/c/9b254feb249981b66ccdb1dae54e757789a15ba1	2024-04-03
https://git.kernel.org/stable/c/2f73cf2ae5e0f4e629db5be3a4380ff7807148e6	2024-04-03
https://git.kernel.org/stable/c/2d1f5006ff95770da502f8cee2a224a1ff83866e	2024-02-13

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26975	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2278352	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.6.24 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.6.24"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.7.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.7.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.8.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.8.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.9"		en		Affected