CVE-2024-46822

In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask. As such, a valid ID is needed. If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible for the entry in cpu_madt_gicc[cpu] == NULL. This function would then cause a NULL pointer dereference. Whilst a path to trigger this has not been established, harden this caller against the possibility.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

02 Oct 2024, 14:24

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/2488444274c70038eb6b686cba5f1ce48ebb9cdd - () https://git.kernel.org/stable/c/2488444274c70038eb6b686cba5f1ce48ebb9cdd - Patch
References () https://git.kernel.org/stable/c/40cae0df42e5e7f7a1c0f32deed9c4027c1ba94e - () https://git.kernel.org/stable/c/40cae0df42e5e7f7a1c0f32deed9c4027c1ba94e - Patch
References () https://git.kernel.org/stable/c/4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc - () https://git.kernel.org/stable/c/4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc - Patch
References () https://git.kernel.org/stable/c/62ca6d3a905b4c40cd942f3cc645a6718f8bc7e7 - () https://git.kernel.org/stable/c/62ca6d3a905b4c40cd942f3cc645a6718f8bc7e7 - Patch
References () https://git.kernel.org/stable/c/945be49f4e832a9184c313fdf8917475438a795b - () https://git.kernel.org/stable/c/945be49f4e832a9184c313fdf8917475438a795b - Patch
References () https://git.kernel.org/stable/c/bc7fbb37e3d2df59336eadbd6a56be632e3c7df7 - () https://git.kernel.org/stable/c/bc7fbb37e3d2df59336eadbd6a56be632e3c7df7 - Patch
References () https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f - () https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f - Patch
CWE CWE-476

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: acpi: endurecer get_cpu_for_acpi_id() contra la entrada de CPU faltante En una discusión de revisión de los cambios para soportar vCPU hotplug donde se agregó una verificación en el GICC que se habilita si está en línea, se observó que es necesario volver a mapear a la CPU y usar eso para indexar en una cpumask. Como tal, se necesita una ID válida. Si una verificación MPIDR falla en acpi_map_gic_cpu_interface() es posible que la entrada en cpu_madt_gicc[cpu] == NULL. Esta función causaría una desreferencia de puntero NULL. Si bien no se ha establecido una ruta para activar esto, endurezca este llamador contra la posibilidad.

27 Sep 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-27 13:15

Updated : 2024-10-02 14:24


NVD link : CVE-2024-46822

Mitre link : CVE-2024-46822

CVE.ORG link : CVE-2024-46822


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference