{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24856", "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "state": "PUBLISHED", "assignerShortName": "Anolis", "dateReserved": "2024-02-01T09:11:56.214Z", "datePublished": "2024-04-17T08:34:59.559Z", "dateUpdated": "2024-08-01T23:28:12.874Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["acpi"], "packageName": "kernel", "platforms": ["Linux"], "product": "Anolis OS", "programFiles": ["https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/drivers/acpi/acpica/dbconvert.c"], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "OpenAnolis", "versions": [{"lessThan": "v6.9", "status": "affected", "version": "v4.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "\u767d\u5bb6\u9a79 <baijiaju@buaa.edu.cn>"}, {"lang": "en", "type": "reporter", "value": "\u5218\u6000\u8fdc <qq810974084@gmail.com>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<pre>The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a\nsuccessful allocation, but the subsequent code directly dereferences the\npointer that receives it, which may lead to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null, \nreturn exception code AE_NO_MEMORY.</pre><br>"}], "value": "The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a\nsuccessful allocation, but the subsequent code directly dereferences the\npointer that receives it, which may lead to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null, \nreturn exception code AE_NO_MEMORY."}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis", "dateUpdated": "2024-05-29T07:56:57.064Z"}, "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8764"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0\">https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0</a><br>"}], "value": "https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0"}], "source": {"discovery": "UNKNOWN"}, "title": "NULL pointer deference in acpi_db_convert_to_package of Linux acpi module", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "openanolis", "product": "anolis_os", "cpes": ["cpe:2.3:o:openanolis:anolis_os:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "v4.4", "status": "affected", "lessThan": "v6.9", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-05T15:41:12.748133Z", "id": "CVE-2024-24856", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T15:42:27.369Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:12.874Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8764", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8764", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:12.874Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24856", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-05T15:41:12.748133Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:openanolis:anolis_os:*:*:*:*:*:*:*:*"], "vendor": "openanolis", "product": "anolis_os", "versions": [{"status": "affected", "version": "v4.4", "lessThan": "v6.9", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T15:38:16.614Z"}}], "cna": {"title": "NULL pointer deference in acpi_db_convert_to_package of Linux acpi module", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "\u767d\u5bb6\u9a79 <baijiaju@buaa.edu.cn>"}, {"lang": "en", "type": "reporter", "value": "\u5218\u6000\u8fdc <qq810974084@gmail.com>"}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "OpenAnolis", "modules": ["acpi"], "product": "Anolis OS", "versions": [{"status": "affected", "version": "v4.4", "lessThan": "v6.9", "versionType": "custom"}], "platforms": ["Linux"], "packageName": "kernel", "programFiles": ["https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/drivers/acpi/acpica/dbconvert.c"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0\">https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0</a><br>", "base64": false}]}], "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8764"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a\nsuccessful allocation, but the subsequent code directly dereferences the\npointer that receives it, which may lead to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null, \nreturn exception code AE_NO_MEMORY.", "supportingMedia": [{"type": "text/html", "value": "<pre>The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a\nsuccessful allocation, but the subsequent code directly dereferences the\npointer that receives it, which may lead to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null, \nreturn exception code AE_NO_MEMORY.</pre><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis", "dateUpdated": "2024-05-29T07:56:57.064Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24856", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:28:12.874Z", "dateReserved": "2024-02-01T09:11:56.214Z", "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "datePublished": "2024-04-17T08:34:59.559Z", "assignerShortName": "Anolis"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a\nsuccessful allocation, but the subsequent code directly dereferences the\npointer that receives it, which may lead to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null, \nreturn exception code AE_NO_MEMORY."}, {"lang": "es", "value": "La funci\u00f3n de asignaci\u00f3n de memoria ACPI_ALLOCATE_ZEROED no garantiza una asignaci\u00f3n exitosa, pero el c\u00f3digo posterior desreferencia directamente el puntero que la recibe, lo que puede provocar una desreferencia del puntero nulo. Para solucionar este problema, se debe agregar una verificaci\u00f3n de puntero nulo. Si es nulo, devuelve el c\u00f3digo de excepci\u00f3n AE_NO_MEMORY."}], "id": "CVE-2024-24856", "lastModified": "2024-11-21T08:59:51.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.0, "source": "security@openanolis.org", "type": "Secondary"}]}, "published": "2024-04-17T09:15:07.743", "references": [{"source": "security@openanolis.org", "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8764"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8764"}], "sourceIdentifier": "security@openanolis.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security@openanolis.org", "type": "Secondary"}]}

{}