| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122737-CVE-2024-53231-fe0f@gregkh> Date: Fri, 27 Dec 2024 14:53:17 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-53231: cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() Description =========== In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference. The Linux kernel CVE team has assigned CVE-2024-53231 to this issue. Affected and fixed versions =========================== Issue introduced in 5.19 with commit 740fcdc2c20ecf855b36b919d7fa1b872b5a7eae and fixed in 6.1.120 with commit a357b63fd21e4b2791008c2175ba7a8c235ebce1 Issue introduced in 5.19 with commit 740fcdc2c20ecf855b36b919d7fa1b872b5a7eae and fixed in 6.6.64 with commit e07570a8f2cfc51260c6266cb8e1bd4777a610d6 Issue introduced in 5.19 with commit 740fcdc2c20ecf855b36b919d7fa1b872b5a7eae and fixed in 6.11.11 with commit e9b39f1924b76abc18881e4ce899fb232dd23d12 Issue introduced in 5.19 with commit 740fcdc2c20ecf855b36b919d7fa1b872b5a7eae and fixed in 6.12.2 with commit 65fe2f7fdafe2698a343661800434b3f2e51041e Issue introduced in 5.19 with commit 740fcdc2c20ecf855b36b919d7fa1b872b5a7eae and fixed in 6.13-rc1 with commit a78e7207564258db6e373e86294a85f9d646d35a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-53231 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/cpufreq/cppc_cpufreq.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a357b63fd21e4b2791008c2175ba7a8c235ebce1 https://git.kernel.org/stable/c/e07570a8f2cfc51260c6266cb8e1bd4777a610d6 https://git.kernel.org/stable/c/e9b39f1924b76abc18881e4ce899fb232dd23d12 https://git.kernel.org/stable/c/65fe2f7fdafe2698a343661800434b3f2e51041e https://git.kernel.org/stable/c/a78e7207564258db6e373e86294a85f9d646d35a
Powered by blists - more mailing lists