CVE-2024-43896

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL

Call efi_rt_services_supported() to check that efi.get_variable exists before calling it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1cad8725f2b98965ed3658bc917090b30adb14fa < 5b6baaa7cbd77ff980516bad38bbc5a648bb5158affected
LinuxLinux1cad8725f2b98965ed3658bc917090b30adb14fa < dc268085e499666b9f4f0fcb4c5a94e1c0b193b3affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.10.5 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References