Lucene search

GoogleOSV:CVE-2024-45028

HistorySep 11, 2024 - 4:15 p.m.

CVE-2024-45028

2024-09-1116:15:07

Google

osv.dev

linux kernel

vulnerability

mmc_test

null dereference

allocation failure

-enomem

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

JSON

In the Linux kernel, the following vulnerability has been resolved:

mmc: mmc_test: Fix NULL dereference on allocation failure

If the “test->highmem = alloc_pages()” allocation fails then calling
__free_pages(test->highmem) will result in a NULL dereference. Also
change the error code to -ENOMEM instead of returning success.

References

git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06

git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63

git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea

git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd

git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c

git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6

git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9

git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890

security-tracker.debian.org/tracker/CVE-2024-45028

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

JSON

Related for OSV:CVE-2024-45028