{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42277", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.261Z", "datePublished": "2024-08-17T09:08:45.486Z", "dateUpdated": "2024-09-15T17:52:42.933Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:52:42.933Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iommu/sprd-iommu.c"], "versions": [{"version": "92c089a931fd", "lessThan": "8c79ceb4ecf8", "status": "affected", "versionType": "git"}, {"version": "8745f3592ee4", "lessThan": "dfe90030a0cf", "status": "affected", "versionType": "git"}, {"version": "9afea57384d4", "lessThan": "b62841e49a2b", "status": "affected", "versionType": "git"}, {"version": "9afea57384d4", "lessThan": "d5fe884ce28c", "status": "affected", "versionType": "git"}, {"version": "9afea57384d4", "lessThan": "630482ee0653", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iommu/sprd-iommu.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.103", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922"}, {"url": "https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb"}, {"url": "https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb"}, {"url": "https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c"}, {"url": "https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8"}], "title": "iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42277", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:11:49.209899Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:31.475Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42277", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:11:49.209899Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:23.833Z"}}], "cna": {"title": "iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "92c089a931fd", "lessThan": "8c79ceb4ecf8", "versionType": "git"}, {"status": "affected", "version": "8745f3592ee4", "lessThan": "dfe90030a0cf", "versionType": "git"}, {"status": "affected", "version": "9afea57384d4", "lessThan": "b62841e49a2b", "versionType": "git"}, {"status": "affected", "version": "9afea57384d4", "lessThan": "d5fe884ce28c", "versionType": "git"}, {"status": "affected", "version": "9afea57384d4", "lessThan": "630482ee0653", "versionType": "git"}], "programFiles": ["drivers/iommu/sprd-iommu.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.4"}, {"status": "unaffected", "version": "0", "lessThan": "6.4", "versionType": "custom"}, {"status": "unaffected", "version": "5.15.165", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.103", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.44", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "custom", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/iommu/sprd-iommu.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922"}, {"url": "https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb"}, {"url": "https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb"}, {"url": "https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c"}, {"url": "https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:52:42.933Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42277", "state": "PUBLISHED", "dateUpdated": "2024-09-15T17:52:42.933Z", "dateReserved": "2024-07-30T07:40:12.261Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-17T09:08:45.486Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B323CF3D-57B8-4C1B-9713-6B9056FFB7DC", "versionEndExcluding": "5.15.165", "versionStartIncluding": "5.15.113", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB8D27EF-D857-4647-BD9E-E9B9B527E66E", "versionEndExcluding": "6.1.103", "versionStartIncluding": "6.1.81", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B29AF908-23B7-4DFB-819A-24A65F004110", "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.3.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\n\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu: sprd: Evite la deref NULL en sprd_iommu_hw_en En sprd_iommu_cleanup() antes de llamar a la funci\u00f3n sprd_iommu_hw_en() dom->sdev es igual a NULL, lo que conduce a una desreferencia nula. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."}], "id": "CVE-2024-42277", "lastModified": "2024-09-10T18:46:21.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-17T09:15:08.750", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/630482ee0653decf9e2482ac6181897eb6cde5b8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8c79ceb4ecf823e6ec10fee6febb0fca3de79922"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b62841e49a2b7938f6fdeaaf93fb57e4eb880bdb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d5fe884ce28c5005f8582c35333c195a168f841c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dfe90030a0cfa26dca4cb6510de28920e5ad22fb"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en", "id": "2305422", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305422"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\niommu: sprd: Avoid NULL deref in sprd_iommu_hw_en\nIn sprd_iommu_cleanup() before calling function sprd_iommu_hw_en()\ndom->sdev is equal to NULL, which leads to null dereference.\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "A flaw was identified and fixed in the Linux kernel's Spreadtrum (sprd) IOMMU driver. This issue occurred in the `sprd_iommu_cleanup()` function, where a null pointer dereference happened when calling `sprd_iommu_hw_en()`, as `dom->sdev` was `NULL`. This problem could lead to kernel crashes or instability. The bug was discovered by the Linux Verification Center using SVACE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42277", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42277\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42277\nhttps://lore.kernel.org/linux-cve-announce/2024081741-CVE-2024-42277-997a@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}