Lucene search

K
nvd416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-35796
HistoryMay 17, 2024 - 2:15 p.m.

CVE-2024-35796

2024-05-1714:15:11
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
9
linux kernel
vulnerability
net
ll_temac
platform_get_resource
devm_platform_ioremap_resource

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0

Percentile

10.3%

In the Linux kernel, the following vulnerability has been resolved:

net: ll_temac: platform_get_resource replaced by wrong function

The function platform_get_resource was replaced with
devm_platform_ioremap_resource_byname and is called using 0 as name.

This eventually ends up in platform_get_resource_byname in the call
stack, where it causes a null pointer in strcmp.

if (type == resource_type(r) && !strcmp(r->name, name))

It should have been replaced with devm_platform_ioremap_resource.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0

Percentile

10.3%