CVE-2024-56662
acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
Fix an issue detected by syzbot with KASAN:
BUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/
core.c:416 [inline]
BUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0
drivers/acpi/nfit/core.c:459
The issue occurs in cmd_to_func when the call_pkg->nd_reserved2
array is accessed without verifying that call_pkg points to a buffer
that is appropriately sized as a struct nd_cmd_pkg. This can lead
to out-of-bounds access and undefined behavior if the buffer does not
have sufficient space.
To address this, a check was added in acpi_nfit_ctl() to ensure that
buf is not NULL and that buf_len is less than sizeof(*call_pkg)
before accessing it. This ensures safe access to the members of
call_pkg, including the nd_reserved2 array.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-12-27 CVE Reserved
- 2024-12-27 CVE Published
- 2024-12-27 CVE Updated
- 2024-12-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/ebe9f6f19d80d8978d16078dff3d5bd93ad8d102 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/63108f2a408abea7ecab063efa0f398da4d0d14b | Vuln. Introduced | |
| https://git.kernel.org/stable/c/f5878c4f084dc6b1386dad03970bb61ad5e9dc4b | Vuln. Introduced | |
| https://git.kernel.org/stable/c/0c79794474895dbbc3c52225f7e9f73cfecbb7dd | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 5.10.232 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 5.10.232" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 5.15.175 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 5.15.175" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 6.1.121 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.1.121" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 6.6.67 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.6.67" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 6.12.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.12.6" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.1 < 6.13-rc3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.13-rc3" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.14.176 Search vendor "Linux" for product "Linux Kernel" and version "4.14.176" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.19.31 Search vendor "Linux" for product "Linux Kernel" and version "4.19.31" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.0.4 Search vendor "Linux" for product "Linux Kernel" and version "5.0.4" | en |
Affected
| ||||||