SecuriTricks - CVE-2024-50176

Description

In the Linux kernel, the following vulnerability has been resolved: remoteproc: k3-r5: Fix error handling when power-up failed By simply bailing out, the driver was violating its rule and internal assumptions that either both or no rproc should be initialized. E.g., this could cause the first core to be available but not the second one, leading to crashes on its shutdown later on while trying to dereference that second instance.

Product(s) Impacted

Vendor	Product	Versions
Linux	Linux Kernel	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-755

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	linux	linux_kernel	/	/	/	/	/	/	/	/
o	linux	linux_kernel	/	/	/	/	/	/	/	/
o	linux	linux_kernel	/	/	/	/	/	/	/	/
o	linux	linux_kernel	/	/	/	/	/	/	/	/
o	linux	linux_kernel	/	/	/	/	/	/	/	/

References

https://git.kernel.org/stable/c/7afb5e3aa989c479979faeb18768a67889a7a9c6

https://git.kernel.org/stable/c/87ab3af7447791d0c619610fd560bd804549e187

https://git.kernel.org/stable/c/9ab27eb5866ccbf57715cfdba4b03d57776092fb

https://git.kernel.org/stable/c/afd102bde99d90ef41e043c846ea34b04433eb7b

https://git.kernel.org/stable/c/fc71c23958931713b5e76f317b76be37189f2516

CVSS Score

5.5 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

View Vector String

Timeline

Published: Nov. 8, 2024, 6:15 a.m.
Last Modified: Nov. 27, 2024, 8:14 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE-2024-50176