CVE-2024-27038NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference47 documents8 sources
Severity
5.5MEDIUMNVD
OSV7.0OSV6.5
EPSS
0.0%
top 99.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
LinuxLinux KernelDebian Linux+5 more
Timeline
PublishedMay 1
Latest updateJul 26

Description

In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_core_get NULL dereference It is possible for clk_core_get to dereference a NULL in the following sequence: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider() __clk_get_hw() __clk_get_hw() can return NULL which is dereferenced by clk_core_get() at hw->core. Prior to commit dde4eff47c82 ("clk: Look for parents with clkdev based clk_lookups") the check IS_ERR_OR_NULL() was performed which

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

NVDlinux/linux_kernel5.25.4.273+6
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-189.209+2
CVEListV5linux/linuxdde4eff47c82c52a72af333d9e55370eee6d95d6d7ae7d1265686b55832a445b1db8cdd69738ac07+8
debiandebian/linux< linux 6.1.85-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

22
OSV
linux-raspi vulnerabilities2024-07-26
OSV
linux-aws, linux-aws-5.4, linux-iot vulnerabilities2024-07-23
OSV
linux-raspi, linux-raspi-5.4 vulnerabilities2024-07-19
OSV
linux-oracle, linux-xilinx-zynqmp vulnerabilities2024-07-17
OSV
linux-hwe-5.4, linux-oracle-5.4 vulnerabilities2024-07-16

📋Vendor Advisories

23
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel vulnerabilities2024-07-23
Ubuntu
Linux kernel vulnerabilities2024-07-19
Ubuntu
Linux kernel vulnerabilities2024-07-17
Ubuntu
Linux kernel vulnerabilities2024-07-16

💬Community

1
Bugzilla
CVE-2024-27038 kernel: clk: Fix clk_core_get NULL dereference2024-05-01
CVE-2024-27038 — NULL Pointer Dereference in Linux | cvebase