Informazioni sul CVE-2024-41084
cxl/region: Avoid null pointer dereference in region lookup
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2024-41084
Descrizione: In the Linux kernel, the following vulnerability has been fixed: cxl/region: Prevent null pointer dereference in region lookup cxl_dpa_to_region() looks up a region based on memdev and DPA. It incorrectly assumes an endpoint found mapping the DPA is also of a fully assembled region. When not true, it leads to a null pointer dereferece looking up the region name. This appears during testing of region lookup after a failure to assemble a BIOS defined region or if the lookup raced with the assembly of the BIOS defined region. Failure to clean up BIOS defined regions that fail assembly is an issue in itself and a fix to that problem will alleviate some of the impact. It will not alleviate the race condition so let’s harden this path. The behavior change is that the kernel oops due to a null pointer dereferece is replaced with a dev_dbg() message noting that an endpoint was mapped. Additional comments are added to ensure future users of this function can better understand what it provides.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://git.kernel.org/stable/c/a9e099e29e925f8b31cfe53e8a786b9796f8e453
- https://git.kernel.org/stable/c/b8a40a6dbfb0150c1081384caa9bbe28ce5d5060
- https://git.kernel.org/stable/c/285f2a08841432fc3e498b1cd00cce5216cdf189
Prodotti interessati
- Linux – Linux
- Linux – Linux
Relazioni con altri prodotti
Produttore:Linux
Prodotto: Linux
Anno: 2024
CWE:
CVSS: 0.0