CVE-2024-46761

Sept. 23, 2024, 4:06 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes the NULL pointer dereference and kernel crash. The patch fixes the check during unregistration path to prevent invoking pci_disable_msi/msix() since its data structure is already freed.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-476
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda
https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d
https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048
https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e
https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59
https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689
https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4
https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-476
2024-09-18
CVE-2024-46761

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Sept. 18, 2024, 8:15 a.m.
Last Modified: Sept. 23, 2024, 4:06 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.