5.5
CVE-2024-26975
- EPSS 0.23%
- Veröffentlicht 01.05.2024 06:15:14
- Zuletzt bearbeitet 23.12.2024 14:02:46
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
powercap: intel_rapl: Fix a NULL pointer dereference
In the Linux kernel, the following vulnerability has been resolved:
powercap: intel_rapl: Fix a NULL pointer dereference
A NULL pointer dereference is triggered when probing the MMIO RAPL
driver on platforms with CPU ID not listed in intel_rapl_common CPU
model list.
This is because the intel_rapl_common module still probes on such
platforms even if 'defaults_msr' is not set after commit 1488ac990ac8
("powercap: intel_rapl: Allow probing without CPUID match"). Thus the
MMIO RAPL rp->priv->defaults is NULL when registering to RAPL framework.
Fix the problem by adding sanity check to ensure rp->priv->rapl_defaults
is always valid.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.5 < 6.6.24
Linux ≫ Linux Kernel Version >= 6.7 < 6.7.12
Linux ≫ Linux Kernel Version >= 6.8 < 6.8.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.132 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/0641908b906a133f1494c312a71f9fecbe2b6c78
https://git.kernel.org/stable/c/2d1f5006ff95770da502f8cee2a224a1ff83866e
https://git.kernel.org/stable/c/2f73cf2ae5e0f4e629db5be3a4380ff7807148e6
https://git.kernel.org/stable/c/9b254feb249981b66ccdb1dae54e757789a15ba1