CVE-2024-27038
Vulnerability from cvelistv5
Published
2024-05-01 12:53
Modified
2024-11-05 09:20
Severity ?
Summary
clk: Fix clk_core_get NULL dereference
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27038",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-01T13:38:53.856287Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:44.741Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d7ae7d1265686b55832a445b1db8cdd69738ac07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/239174535dba11f7b83de0eaaa27909024f8c185"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0efb9ef6fb95384ba631d6819e66f10392aabfa2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a8b2b26fdd011ebe36d68a9a321ca45801685959"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a5d9b1aa61b401867b9066d54086b3e4ee91f8ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c554badcae9c45b737a22d23454170c6020b90e6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6f073b24a9e2becd25ac4505a9780a87e621bb51"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e97fe4901e0f59a0bfd524578fe3768f8ca42428"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/clk.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d7ae7d126568",
              "status": "affected",
              "version": "dde4eff47c82",
              "versionType": "git"
            },
            {
              "lessThan": "239174535dba",
              "status": "affected",
              "version": "dde4eff47c82",
              "versionType": "git"
            },
            {
              "lessThan": "0efb9ef6fb95",
              "status": "affected",
              "version": "dde4eff47c82",
              "versionType": "git"
            },
            {
              "lessThan": "a8b2b26fdd01",
              "status": "affected",
              "version": "dde4eff47c82",
              "versionType": "git"
            },
            {
              "lessThan": "a5d9b1aa61b4",
              "status": "affected",
              "version": "dde4eff47c82",
              "versionType": "git"
            },
            {
              "lessThan": "c554badcae9c",
              "status": "affected",
              "version": "dde4eff47c82",
              "versionType": "git"
            },
            {
              "lessThan": "6f073b24a9e2",
              "status": "affected",
              "version": "dde4eff47c82",
              "versionType": "git"
            },
            {
              "lessThan": "e97fe4901e0f",
              "status": "affected",
              "version": "dde4eff47c82",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/clk.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix clk_core_get NULL dereference\n\nIt is possible for clk_core_get to dereference a NULL in the following\nsequence:\n\nclk_core_get()\n    of_clk_get_hw_from_clkspec()\n        __of_clk_get_hw_from_provider()\n            __clk_get_hw()\n\n__clk_get_hw() can return NULL which is dereferenced by clk_core_get() at\nhw-\u003ecore.\n\nPrior to commit dde4eff47c82 (\"clk: Look for parents with clkdev based\nclk_lookups\") the check IS_ERR_OR_NULL() was performed which would have\ncaught the NULL.\n\nReading the description of this function it talks about returning NULL but\nthat cannot be so at the moment.\n\nUpdate the function to check for hw before dereferencing it and return NULL\nif hw is NULL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:20:26.459Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d7ae7d1265686b55832a445b1db8cdd69738ac07"
        },
        {
          "url": "https://git.kernel.org/stable/c/239174535dba11f7b83de0eaaa27909024f8c185"
        },
        {
          "url": "https://git.kernel.org/stable/c/0efb9ef6fb95384ba631d6819e66f10392aabfa2"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8b2b26fdd011ebe36d68a9a321ca45801685959"
        },
        {
          "url": "https://git.kernel.org/stable/c/a5d9b1aa61b401867b9066d54086b3e4ee91f8ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/c554badcae9c45b737a22d23454170c6020b90e6"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f073b24a9e2becd25ac4505a9780a87e621bb51"
        },
        {
          "url": "https://git.kernel.org/stable/c/e97fe4901e0f59a0bfd524578fe3768f8ca42428"
        }
      ],
      "title": "clk: Fix clk_core_get NULL dereference",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27038",
    "datePublished": "2024-05-01T12:53:53.698Z",
    "dateReserved": "2024-02-19T14:20:24.212Z",
    "dateUpdated": "2024-11-05T09:20:26.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-27038\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-01T13:15:49.507\",\"lastModified\":\"2024-11-05T10:16:22.883\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nclk: Fix clk_core_get NULL dereference\\n\\nIt is possible for clk_core_get to dereference a NULL in the following\\nsequence:\\n\\nclk_core_get()\\n    of_clk_get_hw_from_clkspec()\\n        __of_clk_get_hw_from_provider()\\n            __clk_get_hw()\\n\\n__clk_get_hw() can return NULL which is dereferenced by clk_core_get() at\\nhw-\u003ecore.\\n\\nPrior to commit dde4eff47c82 (\\\"clk: Look for parents with clkdev based\\nclk_lookups\\\") the check IS_ERR_OR_NULL() was performed which would have\\ncaught the NULL.\\n\\nReading the description of this function it talks about returning NULL but\\nthat cannot be so at the moment.\\n\\nUpdate the function to check for hw before dereferencing it and return NULL\\nif hw is NULL.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: corrige la desreferencia de clk_core_get NULL Es posible que clk_core_get elimine la referencia a un NULL en la siguiente secuencia: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider() __clk_get_hw() __clk_get_hw() puede devolver NULL que es desreferenciado por clk_core_get() en hw-\u0026gt;core. Antes de confirmar dde4eff47c82 (\\\"clk: buscar padres con clk_lookups basado en clkdev\\\") se realiz\u00f3 la verificaci\u00f3n IS_ERR_OR_NULL() que habr\u00eda detectado el NULL. Leyendo la descripci\u00f3n de esta funci\u00f3n se habla de devolver NULL pero eso no puede ser as\u00ed por el momento. Actualice la funci\u00f3n para verificar hw antes de eliminar la referencia y devuelva NULL si hw es NULL.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0efb9ef6fb95384ba631d6819e66f10392aabfa2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/239174535dba11f7b83de0eaaa27909024f8c185\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6f073b24a9e2becd25ac4505a9780a87e621bb51\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a5d9b1aa61b401867b9066d54086b3e4ee91f8ed\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a8b2b26fdd011ebe36d68a9a321ca45801685959\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c554badcae9c45b737a22d23454170c6020b90e6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d7ae7d1265686b55832a445b1db8cdd69738ac07\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e97fe4901e0f59a0bfd524578fe3768f8ca42428\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.