GHSA-4G32-C2J9-MX24

Vulnerability from github – Published: 2024-08-21 03:31 – Updated: 2025-11-04 00:31
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Clean up error handling in vpci_scan_bus()

Smatch complains about inconsistent NULL checking in vpci_scan_bus():

drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)

Instead of printing an error message and then crashing we should return an error code and clean up.

Also the NULL check is reversed so it prints an error for success instead of failure.

Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-43875"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-21T01:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n    drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed \u0027vpci_bus\u0027 could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure.",
  "id": "GHSA-4g32-c2j9-mx24",
  "modified": "2025-11-04T00:31:17Z",
  "published": "2024-08-21T03:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43875"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.