CVE-2024-24856

Summary

The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer that receives it, which may lead to null pointer dereference.

To fix this issue, a null pointer check should be added. If it is null, return exception code AE_NO_MEMORY.

Affected Software

VendorProductVersion RangeStatus
OpenAnolisAnolis OSv4.4 < v6.9affected

Weaknesses

  • CWE-476: CWE-476 NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References