CVE-2024-24856
MEDIUMAnolis OS 4.4-6.9 - Null Pointer Dereference in ACPI_ALLOCATE_ZEROED
Title source: llmDescription
The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer that receives it, which may lead to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, return exception code AE_NO_MEMORY.
References (1)
Core 1
Core References
Issue Tracking
https://bugzilla.openanolis.cn/show_bug.cgi?id=8764
Scores
CVSS v3
5.3
EPSS
0.0017
EPSS Percentile
6.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (1)
OpenAnolis/Anolis OS
v4.4 - v6.9
Published
Apr 17, 2024
Tracked Since
Feb 18, 2026