CVE-2024-39466

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been performed, leading to possible null pointer dereferences (which did happen for me on RB1). Fix that.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464	Patch
https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3	Patch
https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665	Patch
https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b	Patch
https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be	Patch
https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464	Patch
https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3	Patch
https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665	Patch
https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b	Patch
https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

21 Nov 2024, 09:27

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464 - Patch~~	() https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464 - Patch
References	~~() https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3 - Patch~~	() https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3 - Patch
References	~~() https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665 - Patch~~	() https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665 - Patch
References	~~() https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b - Patch~~	() https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b - Patch
References	~~() https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be - Patch~~	() https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be - Patch

19 Aug 2024, 20:59

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464 -~~	() https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464 - Patch
References	~~() https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3 -~~	() https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3 - Patch
References	~~() https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665 -~~	() https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665 - Patch
References	~~() https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b -~~	() https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b - Patch
References	~~() https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be -~~	() https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal/drivers/qcom/lmh: Verificar la disponibilidad de SCM en la sonda Hasta ahora, no se ha realizado la verificación de disponibilidad de SCM necesaria, lo que lleva a posibles desreferencias de puntero nulo (lo que me pasó en RB1). Arregla eso.
CWE		CWE-476
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::

25 Jun 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-25 15:15

Updated : 2024-11-21 09:27

NVD link : CVE-2024-39466

Mitre link : CVE-2024-39466

CVE.ORG link : CVE-2024-39466

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10