5.5

CVE-2024-27413

efi/capsule-loader: fix incorrect allocation size

In the Linux kernel, the following vulnerability has been resolved:

efi/capsule-loader: fix incorrect allocation size

gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures
is not enough for a 64-bit phys_addr_t:

drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':
drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size]
  295 |         cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);
      |                        ^

Use the correct type instead here.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.14.13 < 4.15
LinuxLinux Kernel Version >= 4.15.1 < 4.19.309
LinuxLinux Kernel Version >= 4.20 < 5.4.271
LinuxLinux Kernel Version >= 5.5 < 5.10.212
LinuxLinux Kernel Version >= 5.11 < 5.15.151
LinuxLinux Kernel Version >= 5.16 < 6.1.81
LinuxLinux Kernel Version >= 6.2 < 6.6.21
LinuxLinux Kernel Version >= 6.7 < 6.7.9
LinuxLinux Kernel Version4.15 Update-
LinuxLinux Kernel Version4.15 Updaterc7
LinuxLinux Kernel Version4.15 Updaterc8
LinuxLinux Kernel Version4.15 Updaterc9
LinuxLinux Kernel Version6.8 Updaterc1
LinuxLinux Kernel Version6.8 Updaterc2
LinuxLinux Kernel Version6.8 Updaterc3
LinuxLinux Kernel Version6.8 Updaterc4
LinuxLinux Kernel Version6.8 Updaterc5
LinuxLinux Kernel Version6.8 Updaterc6
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.153
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Third Party Advisory
https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b
Patch
https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492
Patch
https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050
Patch
https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64
Patch
https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172
Patch
https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd
Patch
https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f
Patch
https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e
Patch