Lucene search

GoogleOSV:CVE-2024-43896

HistoryAug 26, 2024 - 11:15 a.m.

CVE-2024-43896

2024-08-2611:15:04

Google

osv.dev

linux kernel

asoc vulnerability

null pointer crash

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

JSON

In the Linux kernel, the following vulnerability has been resolved:

ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL

Call efi_rt_services_supported() to check that efi.get_variable exists
before calling it.

References

git.kernel.org/stable/c/5b6baaa7cbd77ff980516bad38bbc5a648bb5158

git.kernel.org/stable/c/dc268085e499666b9f4f0fcb4c5a94e1c0b193b3

security-tracker.debian.org/tracker/CVE-2024-43896

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

JSON

Related for OSV:CVE-2024-43896