Lucene search

[email protected]CVE-2024-24863

HistoryApr 14, 2024 - 1:15 p.m.

CVE-2024-24863

2024-04-1413:15:49

CWE-476

[email protected]

web.nvd.nist.gov

cve-2024-24863

memory allocation

kzalloc

mw_state

drm_atomic_helper_connector_reset

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

7.3 High

AI Score

Confidence

Low

0.8 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:H/Au:M/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

8.4%

JSON

In malidp_mw_connector_reset, new memory is allocated with kzalloc, but
no check is performed. In order to prevent null pointer dereferencing,
ensure that mw_state is checked before calling
__drm_atomic_helper_connector_reset.

References

bugzilla.openanolis.cn/show_bug.cgi?id=8750

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

7.3 High

AI Score

Confidence

Low

0.8 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:H/Au:M/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

8.4%

JSON

Related for CVE-2024-24863

ubuntucve1 cvelist1