CVE-2024-46769 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: spi: intel: Add check devm_kasprintf() returned value intel_spi_populate_chip() use devm_kasprintf() to set pdata->name. This can return a NULL pointer on failure but this returned value is not checked.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/2920294686ec23211637998f3ec386dfd3d784a6
https://git.kernel.org/stable/c/6e68abdc5d674f9f4185bf1e1956368d05df4838
https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46769-9b81@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-46769
https://www.cve.org/CVERecord?id=CVE-2024-46769

History

Wed, 18 Sep 2024 14:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46769-9b81@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-46769 https://www.cve.org/CVERecord?id=CVE-2024-46769
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 18 Sep 2024 07:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: spi: intel: Add check devm_kasprintf() returned value intel_spi_populate_chip() use devm_kasprintf() to set pdata->name. This can return a NULL pointer on failure but this returned value is not checked.
Title		spi: intel: Add check devm_kasprintf() returned value
References		https://git.kernel.org/stable/c/2920294686ec23211637998f3ec386dfd3d784a6 https://git.kernel.org/stable/c/6e68abdc5d674f9f4185bf1e1956368d05df4838

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-09-18T07:12:27.833Z

Updated: 2024-09-18T07:12:27.833Z

Reserved: 2024-09-11T15:12:18.273Z

Link: CVE-2024-46769

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2024-09-18T08:15:04.903

Modified: 2024-09-20T12:30:51.220

Link: CVE-2024-46769

Redhat

Severity : Moderate

Publid Date: 2024-09-18T00:00:00Z

Links: CVE-2024-46769 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object