NULL Pointer Dereference Affecting kernel-debug-uki-virt package, versions *


Severity

Recommended
0.0
medium
0
10

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.04% (15th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about NULL Pointer Dereference vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-RHEL9-KERNELDEBUGUKIVIRT-8431072
  • published27 Nov 2024
  • disclosed19 Nov 2024

Introduced: 19 Nov 2024

CVE-2024-53060  (opens in a new tab)
CWE-476  (opens in a new tab)

How to fix?

There is no fixed version for RHEL:9 kernel-debug-uki-virt.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-debug-uki-virt package and not the kernel-debug-uki-virt package as distributed by RHEL. See How to fix? for RHEL:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported

acpi_evaluate_object() may return AE_NOT_FOUND (failure), which would result in dereferencing buffer.pointer (obj) while being NULL.

Although this case may be unrealistic for the current code, it is still better to protect against possible bugs.

Bail out also when status is AE_NOT_FOUND.

This fixes 1 FORWARD_NULL issue reported by Coverity Report: CID 1600951: Null pointer dereferences (FORWARD_NULL)

(cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)

CVSS Scores

version 3.1