-

CVE-2024-27413

EPSS 0.07%
Veröffentlicht 17.05.2024 12:15:12
Zuletzt bearbeitet 21.11.2024 09:04:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

efi/capsule-loader: fix incorrect allocation size

gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures
is not enough for a 64-bit phys_addr_t:

drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':
drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size]
  295 |         cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);
      |                        ^

Use the correct type instead here.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 13

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 00cf21ac526011a29fc708f8912da446fac19f7b

Version f24c4d478013d82bd1b943df566fff3561d52864

Status affected

Version < 950d4d74d311a18baed6878dbfba8180d7e5dddd

Version f24c4d478013d82bd1b943df566fff3561d52864

Status affected

Version < 537e3f49dbe88881a6f0752beaa596942d9efd64

Version f24c4d478013d82bd1b943df566fff3561d52864

Status affected

Version < 4b73473c050a612fb4317831371073eda07c3050

Version f24c4d478013d82bd1b943df566fff3561d52864

Status affected

Version < ddc547dd05a46720866c32022300f7376c40119f

Version f24c4d478013d82bd1b943df566fff3561d52864

Status affected

Version < 11aabd7487857b8e7d768fefb092f66dfde68492

Version f24c4d478013d82bd1b943df566fff3561d52864

Status affected

Version < 62a5dcd9bd3097e9813de62fa6f22815e84a0172

Version f24c4d478013d82bd1b943df566fff3561d52864

Status affected

Version < fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e

Version f24c4d478013d82bd1b943df566fff3561d52864

Status affected

Version 95a362c9a6892085f714eb6e31eea6a0e3aa93bf

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.15

Status affected

Version < 4.15

Version 0

Status unaffected

Version <= 4.19.*

Version 4.19.309

Status unaffected

Version <= 5.4.*

Version 5.4.271

Status unaffected

Version <= 5.10.*

Version 5.10.212

Status unaffected

Version <= 5.15.*

Version 5.15.151

Status unaffected

Version <= 6.1.*

Version 6.1.81

Status unaffected

Version <= 6.6.*

Version 6.6.21

Status unaffected

Version <= 6.7.*

Version 6.7.9

Status unaffected

Version <= *

Version 6.8

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.214

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b

https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492

https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050

https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64

https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172

https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd

https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f

https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e

https://nvd.nist.gov/vuln/detail/CVE-2024-27413

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27413

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27413

EUVD