Skip over memory region when node value is NULL
CVE-2024-43860

5.5MEDIUM

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
17 August 2024

What is CVE-2024-43860?

In the Linux kernel, the following vulnerability has been resolved:

remoteproc: imx_rproc: Skip over memory region when node value is NULL

In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts number of phandles. But phandles may be empty. So of_parse_phandle() in the parsing loop (0 < a < nph) may return NULL which is later dereferenced. Adjust this issue by adding NULL-return check.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

[Fixed title to fit within the prescribed 70-75 charcters]

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux a0ff4aa6f010801b2a61c203c6e09d01b110fddf < 6884fd0283e0831be153fb8d82d9eda8a55acaaa

Linux a0ff4aa6f010801b2a61c203c6e09d01b110fddf < 84beb7738459cac0ff9f8a7c4654b8ff82a702c0

Linux a0ff4aa6f010801b2a61c203c6e09d01b110fddf < 6b50462b473fdccdc0dfad73001147e40ff19a66

References

https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d8...
https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4...
https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad730...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.