CVE-2024-49860

Summary

In the Linux kernel, the following vulnerability has been resolved:

ACPI: sysfs: validate return type of _STR method

Only buffer objects are valid return values of _STR.

If something else is returned description_show() will access invalid memory.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd1efe3c324ead77d3f6cd85093b50f6bd2e17aba < 92fd5209fc014405f63a7db79802ca4b01dc0c05affected
LinuxLinuxd1efe3c324ead77d3f6cd85093b50f6bd2e17aba < 2364b6af90c6b6d8a4783e0d3481ca80af699554affected
LinuxLinuxd1efe3c324ead77d3f6cd85093b50f6bd2e17aba < 4b081991c4363e072e1748efed0bbec8a77daba5affected
LinuxLinuxd1efe3c324ead77d3f6cd85093b50f6bd2e17aba < 0cdfb9178a3bba843c95c2117c82c15f1a64b9ceaffected
LinuxLinuxd1efe3c324ead77d3f6cd85093b50f6bd2e17aba < 5c8d007c14aefc3f2ddf71e4c40713733dc827beaffected
LinuxLinuxd1efe3c324ead77d3f6cd85093b50f6bd2e17aba < f0921ecd4ddc14646bb5511f49db4d7d3b0829f0affected
LinuxLinuxd1efe3c324ead77d3f6cd85093b50f6bd2e17aba < f51e5a88f2e7224858b261546cf6b3037dfb1323affected
LinuxLinuxd1efe3c324ead77d3f6cd85093b50f6bd2e17aba < f51f711d36e61fbb87c67b524fd200e05172668daffected
LinuxLinuxd1efe3c324ead77d3f6cd85093b50f6bd2e17aba < 4bb1e7d027413835b086aed35bc3f0713bc0f72baffected
LinuxLinux3.7affected
LinuxLinux0 < 3.7unaffected
LinuxLinux4.19.323 <= 4.19.*unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.227 <= 5.10.*unaffected
LinuxLinux5.15.168 <= 5.15.*unaffected
LinuxLinux6.1.113 <= 6.1.*unaffected
LinuxLinux6.6.54 <= 6.6.*unaffected
LinuxLinux6.10.13 <= 6.10.*unaffected
LinuxLinux6.11.2 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References