fkie_cve-2024-27413
Vulnerability from fkie_nvd
Published
2024-05-17 12:15
Modified
2024-11-21 09:04
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
efi/capsule-loader: fix incorrect allocation size
gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures
is not enough for a 64-bit phys_addr_t:
drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':
drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size]
295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);
| ^
Use the correct type instead here.
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/capsule-loader: fix incorrect allocation size\n\ngcc-14 notices that the allocation with sizeof(void) on 32-bit architectures\nis not enough for a 64-bit phys_addr_t:\n\ndrivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':\ndrivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size]\n 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);\n | ^\n\nUse the correct type instead here.", }, { lang: "es", value: "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efi/capsule-loader: corrige el tamaño de asignación incorrecto gcc-14 advierte que la asignación con sizeof(void) en arquitecturas de 32 bits no es suficiente para phys_addr_t: drivers de 64 bits /firmware/efi/capsule-loader.c: En función 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: error: asignación de tamaño '4' insuficiente para el tipo 'phys_addr_t' {alias ' long long unsigned int'} con tamaño '8' [-Werror=alloc-size] 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); | ^ Utilice el tipo correcto aquí.", }, ], id: "CVE-2024-27413", lastModified: "2024-11-21T09:04:34.300", metrics: {}, published: "2024-05-17T12:15:12.403", references: [ { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", url: "https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", url: "https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", url: "https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", url: "https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", url: "https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", url: "https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", url: "https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", url: "https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", }, ], sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", vulnStatus: "Awaiting Analysis", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.