CVE-2024-47756

PCI: keystone: Fix if-statement expression in ks_pcie_quirk()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix if-statement expression in ks_pcie_quirk() This code accidentally uses && where || was intended. It potentially
results in a NULL dereference. Thus, fix the if-statement expression to use the correct condition. [kwilczynski: commit log]

In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix if-statement expression in ks_pcie_quirk() This code accidentally uses && where || was intended. It potentially results in a NULL dereference. Thus, fix the if-statement expression to use the correct condition. [kwilczynski: commit log]

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-30 CVE Reserved
2024-10-21 CVE Published
2024-12-19 CVE Updated
2025-03-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (15)

URL	Tag	Source
https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6	Vuln. Introduced
https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246	Vuln. Introduced
https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881	Vuln. Introduced
https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61	Vuln. Introduced
https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572	Vuln. Introduced
https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a	Vuln. Introduced
https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9c9afc3e75069fcfb067727973242cfbf00dd7eb	2024-11-08
https://git.kernel.org/stable/c/c289903b7a216df5ea6e1850ddf1b958eea9921d	2024-10-17
https://git.kernel.org/stable/c/dc5aeba07395c8dfa29bb878c8ce4d5180427221	2024-10-17
https://git.kernel.org/stable/c/23838bef2adb714ec37b2d6141dccf4a3a70bdef	2024-10-17
https://git.kernel.org/stable/c/e85ab507882db165c10a858d7f685a0a38f0312e	2024-10-04
https://git.kernel.org/stable/c/72210e52e19a27f615e0b5273d2bf012d0dc318d	2024-10-04
https://git.kernel.org/stable/c/2171c5cb2fbc3e03af7e8116cd58736c09328655	2024-10-04
https://git.kernel.org/stable/c/6188a1c762eb9bbd444f47696eda77a5eae6207a	2024-08-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.284 < 5.4.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.284 < 5.4.285"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.226 < 5.10.227 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.226 < 5.10.227"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.167 < 5.15.168 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.167 < 5.15.168"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.110 < 6.1.113 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.110 < 6.1.113"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.51 < 6.6.54 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.51 < 6.6.54"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.10.10 < 6.10.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.10.10 < 6.10.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.11.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.11.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.12"		en		Affected