nvd-json-data-feeds/CVE-2024/CVE-2024-248xx/CVE-2024-24862.json

{
  "id": "CVE-2024-24862",
  "sourceIdentifier": "security@openanolis.org",
  "published": "2024-04-14T13:15:48.400",
  "lastModified": "2024-04-15T13:15:31.997",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "In function pci1xxxx_spi_probe, there is a potential null pointer that\nmay be caused by a failed memory allocation by the function devm_kzalloc.\nHence, a null pointer check needs to be added to prevent null pointer\ndereferencing later in the code.\n\nTo fix this issue, spi_bus->spi_int[iter] should be checked. The memory\nallocated by devm_kzalloc will be automatically released, so just directly\nreturn -ENOMEM without worrying about memory leaks.\n\n"
    },
    {
      "lang": "es",
      "value": "En la funci\u00f3n pci1xxxx_spi_probe, hay un posible puntero nulo que puede deberse a una asignaci\u00f3n de memoria fallida por parte de la funci\u00f3n devm_kzalloc. Por lo tanto, es necesario agregar una verificaci\u00f3n de puntero nulo para evitar que se elimine la referencia al puntero nulo m\u00e1s adelante en el c\u00f3digo. Para solucionar este problema, se debe marcar spi_bus-&gt;spi_int[iter]. La memoria asignada por devm_kzalloc se liberar\u00e1 autom\u00e1ticamente, por lo que simplemente devuelva -ENOMEM directamente sin preocuparse por p\u00e9rdidas de memoria."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@openanolis.org",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 4.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@openanolis.org",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8748",
      "source": "security@openanolis.org"
    }
  ]
}
Auto-Update: 2024-04-14T14:00:38.067564+00:00 2024-04-14 14:03:27 +00:00			`{`
			`"id": "CVE-2024-24862",`
			`"sourceIdentifier": "security@openanolis.org",`
			`"published": "2024-04-14T13:15:48.400",`
Auto-Update: 2024-04-15T14:00:56.204482+00:00 2024-04-15 14:03:45 +00:00			`"lastModified": "2024-04-15T13:15:31.997",`
			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2024-04-14T14:00:38.067564+00:00 2024-04-14 14:03:27 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "In function pci1xxxx_spi_probe, there is a potential null pointer that\nmay be caused by a failed memory allocation by the function devm_kzalloc.\nHence, a null pointer check needs to be added to prevent null pointer\ndereferencing later in the code.\n\nTo fix this issue, spi_bus->spi_int[iter] should be checked. The memory\nallocated by devm_kzalloc will be automatically released, so just directly\nreturn -ENOMEM without worrying about memory leaks.\n\n"`
Auto-Update: 2024-04-15T14:00:56.204482+00:00 2024-04-15 14:03:45 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "En la funci\u00f3n pci1xxxx_spi_probe, hay un posible puntero nulo que puede deberse a una asignaci\u00f3n de memoria fallida por parte de la funci\u00f3n devm_kzalloc. Por lo tanto, es necesario agregar una verificaci\u00f3n de puntero nulo para evitar que se elimine la referencia al puntero nulo m\u00e1s adelante en el c\u00f3digo. Para solucionar este problema, se debe marcar spi_bus->spi_int[iter]. La memoria asignada por devm_kzalloc se liberar\u00e1 autom\u00e1ticamente, por lo que simplemente devuelva -ENOMEM directamente sin preocuparse por p\u00e9rdidas de memoria."
Auto-Update: 2024-04-14T14:00:38.067564+00:00 2024-04-14 14:03:27 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "security@openanolis.org",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "REQUIRED",`
			`"scope": "CHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 5.3,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 0.8,`
			`"impactScore": 4.0`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "security@openanolis.org",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-476"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8748",`
			`"source": "security@openanolis.org"`
			`}`
			`]`
			`}`