CVE-2024-56767

Jan. 9, 2025, 4:16 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is error, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add check to avoid this.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.13

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-476
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.13 rc1 / / / / / /
o linux linux_kernel 6.13 rc2 / / / / / /
o linux linux_kernel 6.13 rc3 / / / / / /
o linux linux_kernel 6.13 rc4 / / / / / /

References

https://git.kernel.org/stable/c/3d229600c54e9e0909080ecaf1aab0642aefa5f0
https://git.kernel.org/stable/c/54376d8d26596f98ed7432a788314bb9154bf3e3
https://git.kernel.org/stable/c/8d364597de9ce2a5f52714224bfe6c2e7a29b303
https://git.kernel.org/stable/c/c43ec96e8d34399bd9dab2f2dc316b904892133f
https://git.kernel.org/stable/c/e658f1c133b854b2ae799147301d82dddb8f3162
https://git.kernel.org/stable/c/ed1a8aaa344522c0c349ac9042db27ad130ef913
https://git.kernel.org/stable/c/fdba6d5e455388377ec7e82a5913ddfcc7edd93b

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-476
2025-01-06
CVE-2024-56767

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Jan. 6, 2025, 5:15 p.m.
Last Modified: Jan. 9, 2025, 4:16 p.m.

Status : Modified

CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.