CVE-2024-35940

Summary

In the Linux kernel, the following vulnerability has been resolved:

pstore/zone: Add a null pointer check to the psz_kmsg_read

kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd26c3321fe18dc74517dc1f518d584aa33b0a851 < 98e2b97acb875d65bdfc75fc408e67975cef3041affected
LinuxLinuxd26c3321fe18dc74517dc1f518d584aa33b0a851 < 0ff96ec22a84d80a18d7ae8ca7eb111c34ee33bbaffected
LinuxLinuxd26c3321fe18dc74517dc1f518d584aa33b0a851 < 635594cca59f9d7a8e96187600c34facb8bc0682affected
LinuxLinuxd26c3321fe18dc74517dc1f518d584aa33b0a851 < ec7256887d072f98c42cdbef4dcc80ddf84c7a70affected
LinuxLinuxd26c3321fe18dc74517dc1f518d584aa33b0a851 < 6f9f2e498eae7897ba5d3e33908917f68ff4abccaffected
LinuxLinuxd26c3321fe18dc74517dc1f518d584aa33b0a851 < 98bc7e26e14fbb26a6abf97603d59532475e97f8affected
LinuxLinux5.8affected
LinuxLinux0 < 5.8unaffected
LinuxLinux5.10.215 <= 5.10.*unaffected
LinuxLinux5.15.155 <= 5.15.*unaffected
LinuxLinux6.1.86 <= 6.1.*unaffected
LinuxLinux6.6.27 <= 6.6.*unaffected
LinuxLinux6.8.6 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References