CVE-2024-43823

2024-08-1700:00:00

ubuntu.com

linux

kernel

pci

vulnerability

fix

null pointer

dereference

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

JSON

In the Linux kernel, the following vulnerability has been resolved:
PCI: keystone: Fix NULL pointer dereference in case of DT error in
ks_pcie_setup_rc_app_regs()
If IORESOURCE_MEM is not provided in Device Tree due to
any error, resource_list_first_type() will return NULL and
pci_parse_request_of_pci_ranges() will just emit a warning.
This will cause a NULL pointer dereference. Fix this bug by adding NULL
return check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-azure< anyUNKNOWN
ubuntu24.04noarchlinux-azure< anyUNKNOWN
ubuntu20.04noarchlinux-azure-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-azure-fde< anyUNKNOWN
ubuntu20.04noarchlinux-azure-fde-5.15< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	24.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure-fde	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure-fde-5.15	< any	UNKNOWN