CVE-2024-27037
clk: zynq: Prevent null pointer dereference caused by kmalloc failure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
clk: zynq: Prevent null pointer dereference caused by kmalloc failure
The kmalloc() in zynq_clk_setup() will return null if the
physical memory has run out. As a result, if we use snprintf()
to write data to the null address, the null pointer dereference
bug will happen.
This patch uses a stack variable to replace the kmalloc().
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: zynq: evita la desreferencia del puntero nulo causada por una falla de kmalloc. El kmalloc() en zynq_clk_setup() devolverá nulo si la memoria física se ha agotado. Como resultado, si usamos snprintf() para escribir datos en la dirección nula, se producirá el error de desreferencia del puntero nulo. Este parche utiliza una variable de pila para reemplazar kmalloc().
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-05-01 CVE Published
- 2024-05-02 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/0ee52b157b8ed88550ddd6291e54bb4bfabde364 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 5.15.153 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 5.15.153" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 6.1.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 6.1.83" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 6.6.23 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 6.6.23" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 6.7.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 6.7.11" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 6.8.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 6.8.2" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 6.9" | en |
Affected
| ||||||