Lucene search

[email protected]CVE-2024-24856

HistoryApr 17, 2024 - 9:15 a.m.

CVE-2024-24856

2024-04-1709:15:07

CWE-476

[email protected]

web.nvd.nist.gov

memory allocation

vulnerability

cve-2024-24856

null pointer dereference

exception code

nvd

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H

7.5 High

AI Score

Confidence

Low

1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

8.4%

JSON

The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a
successful allocation, but the subsequent code directly dereferences the
pointer that receives it, which may lead to null pointer dereference.

To fix this issue, a null pointer check should be added. If it is null,
return exception code AE_NO_MEMORY.

References

bugzilla.openanolis.cn/show_bug.cgi?id=8764

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H

7.5 High

AI Score

Confidence

Low

1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

8.4%

JSON

Related for CVE-2024-24856

ubuntucve1 cvelist1