OpenCVE

In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc() in zynq_clk_setup() will return null if the physical memory has run out. As a result, if we use snprintf() to write data to the null address, the null pointer dereference bug will happen. This patch uses a stack variable to replace the kmalloc().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/01511ac7be8e45f80e637f6bf61af2d3d2dee9db
https://git.kernel.org/stable/c/0801c893fd48cdba66a3c8f44c3fe43cc67d3b85
https://git.kernel.org/stable/c/58a946ab43501f2eba058d24d96af0ad1122475b
https://git.kernel.org/stable/c/7938e9ce39d6779d2f85d822cc930f73420e54a6
https://git.kernel.org/stable/c/8c4889a9ea861d7be37463c10846eb75e1b49c9d
https://git.kernel.org/stable/c/ca976c6a592f789700200069ef9052493c0b73d8
https://lore.kernel.org/linux-cve-announce/2024050112-CVE-2024-27037-d54a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-27037
https://www.cve.org/CVERecord?id=CVE-2024-27037

History

Thu, 07 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-01T12:53:50.227Z

Updated: 2024-11-07T17:22:57.349Z

Reserved: 2024-02-19T14:20:24.212Z

Link: CVE-2024-27037

Vulnrichment

Updated: 2024-08-02T00:21:05.887Z

NVD

Status : Awaiting Analysis

Published: 2024-05-01T13:15:49.450

Modified: 2024-11-21T09:03:43.053

Link: CVE-2024-27037

Redhat

Severity : Moderate

Publid Date: 2024-05-01T00:00:00Z

Links: CVE-2024-27037 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27037", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.212Z", "datePublished": "2024-05-01T12:53:50.227Z", "dateUpdated": "2024-11-07T17:22:57.349Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:20:25.361Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: zynq: Prevent null pointer dereference caused by kmalloc failure\n\nThe kmalloc() in zynq_clk_setup() will return null if the\nphysical memory has run out. As a result, if we use snprintf()\nto write data to the null address, the null pointer dereference\nbug will happen.\n\nThis patch uses a stack variable to replace the kmalloc()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/clk/zynq/clkc.c"], "versions": [{"version": "0ee52b157b8e", "lessThan": "01511ac7be8e", "status": "affected", "versionType": "git"}, {"version": "0ee52b157b8e", "lessThan": "8c4889a9ea86", "status": "affected", "versionType": "git"}, {"version": "0ee52b157b8e", "lessThan": "0801c893fd48", "status": "affected", "versionType": "git"}, {"version": "0ee52b157b8e", "lessThan": "ca976c6a592f", "status": "affected", "versionType": "git"}, {"version": "0ee52b157b8e", "lessThan": "58a946ab4350", "status": "affected", "versionType": "git"}, {"version": "0ee52b157b8e", "lessThan": "7938e9ce39d6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/clk/zynq/clkc.c"], "versions": [{"version": "3.11", "status": "affected"}, {"version": "0", "lessThan": "3.11", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.153", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.83", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/01511ac7be8e45f80e637f6bf61af2d3d2dee9db"}, {"url": "https://git.kernel.org/stable/c/8c4889a9ea861d7be37463c10846eb75e1b49c9d"}, {"url": "https://git.kernel.org/stable/c/0801c893fd48cdba66a3c8f44c3fe43cc67d3b85"}, {"url": "https://git.kernel.org/stable/c/ca976c6a592f789700200069ef9052493c0b73d8"}, {"url": "https://git.kernel.org/stable/c/58a946ab43501f2eba058d24d96af0ad1122475b"}, {"url": "https://git.kernel.org/stable/c/7938e9ce39d6779d2f85d822cc930f73420e54a6"}], "title": "clk: zynq: Prevent null pointer dereference caused by kmalloc failure", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-06T18:33:24.280230Z", "id": "CVE-2024-27037", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T17:22:57.349Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.887Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/01511ac7be8e45f80e637f6bf61af2d3d2dee9db", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8c4889a9ea861d7be37463c10846eb75e1b49c9d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0801c893fd48cdba66a3c8f44c3fe43cc67d3b85", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ca976c6a592f789700200069ef9052493c0b73d8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/58a946ab43501f2eba058d24d96af0ad1122475b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7938e9ce39d6779d2f85d822cc930f73420e54a6", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/01511ac7be8e45f80e637f6bf61af2d3d2dee9db", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8c4889a9ea861d7be37463c10846eb75e1b49c9d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0801c893fd48cdba66a3c8f44c3fe43cc67d3b85", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ca976c6a592f789700200069ef9052493c0b73d8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/58a946ab43501f2eba058d24d96af0ad1122475b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7938e9ce39d6779d2f85d822cc930f73420e54a6", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.887Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27037", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-06T18:33:24.280230Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T18:37:56.164Z"}}], "cna": {"title": "clk: zynq: Prevent null pointer dereference caused by kmalloc failure", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0ee52b157b8e", "lessThan": "01511ac7be8e", "versionType": "git"}, {"status": "affected", "version": "0ee52b157b8e", "lessThan": "8c4889a9ea86", "versionType": "git"}, {"status": "affected", "version": "0ee52b157b8e", "lessThan": "0801c893fd48", "versionType": "git"}, {"status": "affected", "version": "0ee52b157b8e", "lessThan": "ca976c6a592f", "versionType": "git"}, {"status": "affected", "version": "0ee52b157b8e", "lessThan": "58a946ab4350", "versionType": "git"}, {"status": "affected", "version": "0ee52b157b8e", "lessThan": "7938e9ce39d6", "versionType": "git"}], "programFiles": ["drivers/clk/zynq/clkc.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.11"}, {"status": "unaffected", "version": "0", "lessThan": "3.11", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.153", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.83", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.23", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.11", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.2", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/clk/zynq/clkc.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/01511ac7be8e45f80e637f6bf61af2d3d2dee9db"}, {"url": "https://git.kernel.org/stable/c/8c4889a9ea861d7be37463c10846eb75e1b49c9d"}, {"url": "https://git.kernel.org/stable/c/0801c893fd48cdba66a3c8f44c3fe43cc67d3b85"}, {"url": "https://git.kernel.org/stable/c/ca976c6a592f789700200069ef9052493c0b73d8"}, {"url": "https://git.kernel.org/stable/c/58a946ab43501f2eba058d24d96af0ad1122475b"}, {"url": "https://git.kernel.org/stable/c/7938e9ce39d6779d2f85d822cc930f73420e54a6"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: zynq: Prevent null pointer dereference caused by kmalloc failure\n\nThe kmalloc() in zynq_clk_setup() will return null if the\nphysical memory has run out. As a result, if we use snprintf()\nto write data to the null address, the null pointer dereference\nbug will happen.\n\nThis patch uses a stack variable to replace the kmalloc()."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:20:25.361Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27037", "state": "PUBLISHED", "dateUpdated": "2024-11-07T17:22:57.349Z", "dateReserved": "2024-02-19T14:20:24.212Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-01T12:53:50.227Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: zynq: Prevent null pointer dereference caused by kmalloc failure\n\nThe kmalloc() in zynq_clk_setup() will return null if the\nphysical memory has run out. As a result, if we use snprintf()\nto write data to the null address, the null pointer dereference\nbug will happen.\n\nThis patch uses a stack variable to replace the kmalloc()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: zynq: evita la desreferencia del puntero nulo causada por una falla de kmalloc. El kmalloc() en zynq_clk_setup() devolver\u00e1 nulo si la memoria f\u00edsica se ha agotado. Como resultado, si usamos snprintf() para escribir datos en la direcci\u00f3n nula, se producir\u00e1 el error de desreferencia del puntero nulo. Este parche utiliza una variable de pila para reemplazar kmalloc()."}], "id": "CVE-2024-27037", "lastModified": "2024-11-21T09:03:43.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-01T13:15:49.450", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/01511ac7be8e45f80e637f6bf61af2d3d2dee9db"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0801c893fd48cdba66a3c8f44c3fe43cc67d3b85"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/58a946ab43501f2eba058d24d96af0ad1122475b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7938e9ce39d6779d2f85d822cc930f73420e54a6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8c4889a9ea861d7be37463c10846eb75e1b49c9d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ca976c6a592f789700200069ef9052493c0b73d8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/01511ac7be8e45f80e637f6bf61af2d3d2dee9db"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/0801c893fd48cdba66a3c8f44c3fe43cc67d3b85"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/58a946ab43501f2eba058d24d96af0ad1122475b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/7938e9ce39d6779d2f85d822cc930f73420e54a6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/8c4889a9ea861d7be37463c10846eb75e1b49c9d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/ca976c6a592f789700200069ef9052493c0b73d8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: clk: zynq: Prevent null pointer dereference caused by kmalloc failure", "id": "2278458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278458"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nclk: zynq: Prevent null pointer dereference caused by kmalloc failure\nThe kmalloc() in zynq_clk_setup() will return null if the\nphysical memory has run out. As a result, if we use snprintf()\nto write data to the null address, the null pointer dereference\nbug will happen.\nThis patch uses a stack variable to replace the kmalloc().", "A null pointer dereference flaw was found in drivers/clk/zynq/clkc.c in the Linux kernel caused by kmalloc failure."], "name": "CVE-2024-27037", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27037\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27037\nhttps://lore.kernel.org/linux-cve-announce/2024050112-CVE-2024-27037-d54a@gregkh/T"], "statement": "No Red Hat products are affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.153, kernel 6.1.83, kernel 6.6.23, kernel 6.7.11, kernel 6.8.2, kernel 6.9-rc1"}