CVE-2024-42081

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_devcoredump: Check NULL before assignments Assign 'xe_devcoredump_snapshot *' and 'xe_device *' only if 'coredump' is not NULL. v2 - Fix commit messages. v3 - Define variables before code.(Ashutosh/Jose) v4 - Drop return check for coredump_to_xe. (Jose/Rodrigo) v5 - Modify misleading commit message. (Matt)

References

Link	Resource
https://git.kernel.org/stable/c/76ec0e33707282d5321555698d902f4e067aff37	Patch
https://git.kernel.org/stable/c/b15e65349553b1689d15fbdebea874ca5ae2274a	Patch
https://git.kernel.org/stable/c/76ec0e33707282d5321555698d902f4e067aff37	Patch
https://git.kernel.org/stable/c/b15e65349553b1689d15fbdebea874ca5ae2274a	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:33

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/76ec0e33707282d5321555698d902f4e067aff37 - Patch~~	() https://git.kernel.org/stable/c/76ec0e33707282d5321555698d902f4e067aff37 - Patch
References	~~() https://git.kernel.org/stable/c/b15e65349553b1689d15fbdebea874ca5ae2274a - Patch~~	() https://git.kernel.org/stable/c/b15e65349553b1689d15fbdebea874ca5ae2274a - Patch

30 Jul 2024, 18:57

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 16:15

Updated : 2024-11-21 09:33

NVD link : CVE-2024-42081

Mitre link : CVE-2024-42081

CVE.ORG link : CVE-2024-42081

JSON object : View

Products Affected

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2024-42081", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-07-29T16:15:07.317", "references": [{"url": "https://git.kernel.org/stable/c/76ec0e33707282d5321555698d902f4e067aff37", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b15e65349553b1689d15fbdebea874ca5ae2274a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/76ec0e33707282d5321555698d902f4e067aff37", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b15e65349553b1689d15fbdebea874ca5ae2274a", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/xe_devcoredump: Check NULL before assignments\n\nAssign 'xe_devcoredump_snapshot *' and 'xe_device *' only if\n'coredump' is not NULL.\n\nv2\n- Fix commit messages.\n\nv3\n- Define variables before code.(Ashutosh/Jose)\n\nv4\n- Drop return check for coredump_to_xe. (Jose/Rodrigo)\n\nv5\n- Modify misleading commit message. (Matt)"}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/xe_devcoredump: marque NULL antes de las asignaciones. Asigne 'xe_devcoredump_snapshot *' y 'xe_device *' solo si 'coredump' no es NULL. v2: corrige los mensajes de confirmaci\u00f3n. v3: definir variables antes del c\u00f3digo. (Ashutosh/Jose) v4: eliminar la verificaci\u00f3n de retorno para coredump_to_xe. (Jos\u00e9/Rodrigo) v5 - Modificar mensaje de confirmaci\u00f3n enga\u00f1oso. (Matt)"}], "lastModified": "2024-11-21T09:33:33.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5810FB48-F33E-4087-A3BB-2F33EEFFA914", "versionEndExcluding": "6.9.8"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}