NULL Pointer Dereference Affecting dlm-kmp-default package, versions <6.4.0-150600.23.14.2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES156-DLMKMPDEFAULT-7553459
- published 23 Jul 2024
- disclosed 22 Jul 2024
Introduced: 22 Jul 2024
CVE-2024-38571 Open this link in a new tabHow to fix?
Upgrade SLES:15.6 dlm-kmp-default to version 6.4.0-150600.23.14.2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream dlm-kmp-default package and not the dlm-kmp-default package as distributed by SLES.
See How to fix? for SLES:15.6 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/tsens: Fix null pointer dereference
compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c) as compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) which lead to null pointer dereference (if DEBUG or DYNAMIC_DEBUG set). Fix this bug by adding null pointer check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
- https://www.suse.com/security/cve/CVE-2024-38571.html
- https://bugzilla.suse.com/1226737
- https://git.kernel.org/stable/c/06d17744b77bc6cb29a6c785f4fad8c4163ee653
- https://git.kernel.org/stable/c/11c731386ed82053c2759b6fea1a82ae946e5e0f
- https://git.kernel.org/stable/c/27600e0c5272a262b0903e35ae1df37d33c5c1ad
- https://git.kernel.org/stable/c/2d5ca6e4a2872e92a32fdfd87e04dd7d3ced7278
- https://git.kernel.org/stable/c/d998ddc86a27c92140b9f7984ff41e3d1d07a48f
- https://git.kernel.org/stable/c/fcf5f1b5f308f2eb422f6aca55d295b25890906b