CVE-2024-27413

efi/capsule-loader: fix incorrect allocation size

Severity Score

7.0

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures
is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':
drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size] 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); | ^ Use the correct type instead here.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efi/capsule-loader: corrige el tamaño de asignación incorrecto gcc-14 advierte que la asignación con sizeof(void) en arquitecturas de 32 bits no es suficiente para phys_addr_t: drivers de 64 bits /firmware/efi/capsule-loader.c: En función 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: error: asignación de tamaño '4' insuficiente para el tipo 'phys_addr_t' {alias ' long long unsigned int'} con tamaño '8' [-Werror=alloc-size] 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); | ^ Utilice el tipo correcto aquí.

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size] 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); | ^ Use the correct type instead here.

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-05-17 CVE Published
2024-12-19 CVE Updated
2025-03-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/f24c4d478013d82bd1b943df566fff3561d52864	Vuln. Introduced
https://git.kernel.org/stable/c/95a362c9a6892085f714eb6e31eea6a0e3aa93bf	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b	2024-03-06
https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd	2024-03-06
https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64	2024-03-06
https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050	2024-03-06
https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f	2024-03-06
https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492	2024-03-06
https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172	2024-03-06
https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e	2024-02-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 4.19.309 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.309"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.4.271 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.4.271"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.10.212 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.10.212"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.15.151 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.15.151"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 6.1.81 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 6.1.81"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 6.6.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 6.6.21"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 6.7.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 6.7.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 6.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.13 Search vendor "Linux" for product "Linux Kernel" and version "4.14.13"		en		Affected