- Description
- In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Fix an issue detected by syzbot with KASAN: BUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/ core.c:416 [inline] BUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0 drivers/acpi/nfit/core.c:459 The issue occurs in cmd_to_func when the call_pkg->nd_reserved2 array is accessed without verifying that call_pkg points to a buffer that is appropriately sized as a struct nd_cmd_pkg. This can lead to out-of-bounds access and undefined behavior if the buffer does not have sufficient space. To address this, a check was added in acpi_nfit_ctl() to ensure that buf is not NULL and that buf_len is less than sizeof(*call_pkg) before accessing it. This ensures safe access to the members of call_pkg, including the nd_reserved2 array.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.1
- Impact score
- 5.2
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
- Severity
- HIGH
- nvd@nist.gov
- CWE-125
- Hype score
- Not currently trending
CVE-2024-56662 Out-of-Bounds Read Vulnerability Resolved in Linux Kernel's ACPI NFIT A vulnerability in the Linux kernel has been fixed. It was found in acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl. Th... https://t.co/oCScdX7Uct
@VulmonFeeds
28 Dec 2024
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56662 In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Fix an issue detected by syzbot with KAS… https://t.co/n0GyNzTGhj
@CVEnew
27 Dec 2024
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6274D15-ED31-472F-B0FC-C76687469C95",
"versionEndExcluding": "4.15",
"versionStartIncluding": "4.14.176"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C208F54A-1F85-44EF-9E91-6DA461A49CA0",
"versionEndExcluding": "4.20",
"versionStartIncluding": "4.19.31"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B31FA24-D2AC-48A5-A29D-35820E219F8E",
"versionEndExcluding": "5.10.232",
"versionStartIncluding": "5.0.4"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A1F3620-6900-4852-9229-C3527377EBDA",
"versionEndExcluding": "5.15.175",
"versionStartIncluding": "5.11"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8DA16A0-9C6E-493E-90EE-309A34901477",
"versionEndExcluding": "6.1.121",
"versionStartIncluding": "5.16"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF4F2CD1-2CA6-4D6B-9B0C-57C3C4D6544A",
"versionEndExcluding": "6.6.67",
"versionStartIncluding": "6.2"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0CB1A9BB-F95E-43DD-A2FD-147912FD91E5",
"versionEndExcluding": "6.12.6",
"versionStartIncluding": "6.7"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
}
],
"operator": "OR"
}
]
}
]