CVE-2024-43823

In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() If IORESOURCE_MEM is not provided in Device Tree due to any error, resource_list_first_type() will return NULL and pci_parse_request_of_pci_ranges() will just emit a warning. This will cause a NULL pointer dereference. Fix this bug by adding NULL return check. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

03 Sep 2024, 17:49

Type Values Removed Values Added
CWE CWE-476
First Time Linux linux Kernel
Linux
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23 - () https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23 - Patch
References () https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775 - () https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775 - Patch
References () https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506 - () https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506 - Patch
References () https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597 - () https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597 - Patch

19 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: keystone: corrige la desreferencia del puntero NULL en caso de error DT en ks_pcie_setup_rc_app_regs() Si no se proporciona IORESOURCE_MEM en el árbol de dispositivos debido a algún error, Resource_list_first_type() devolverá NULL y pci_parse_request_of_pci_ranges () simplemente emitirá una advertencia. Esto provocará una desreferencia del puntero NULL. Corrija este error agregando una verificación de devolución NULL. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE.

17 Aug 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-17 10:15

Updated : 2024-09-03 17:49


NVD link : CVE-2024-43823

Mitre link : CVE-2024-43823

CVE.ORG link : CVE-2024-43823


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference