CVE-2024-35940

MEDIUM

Linux Kernel - Null Pointer Dereference in pstore/zone psz_kmsg_read

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Add a null pointer check to the psz_kmsg_read kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.

References (8)

Core 8

Core References

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Patch

https://git.kernel.org/stable/c/98e2b97acb875d65bdfc75fc408e67975cef3041

Patch

https://git.kernel.org/stable/c/0ff96ec22a84d80a18d7ae8ca7eb111c34ee33bb

Patch

https://git.kernel.org/stable/c/635594cca59f9d7a8e96187600c34facb8bc0682

Patch

https://git.kernel.org/stable/c/ec7256887d072f98c42cdbef4dcc80ddf84c7a70

Patch

https://git.kernel.org/stable/c/6f9f2e498eae7897ba5d3e33908917f68ff4abcc

Patch

https://git.kernel.org/stable/c/98bc7e26e14fbb26a6abf97603d59532475e97f8

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 5.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (21)

debian/debian_linux 10.0

linux/Kernel 5.11.0 - 5.15.155linux

linux/Kernel 5.16.0 - 6.1.86linux

linux/Kernel 5.8.0 - 5.10.215linux

linux/Kernel 6.2.0 - 6.6.27linux

linux/Kernel 6.7.0 - 6.8.6linux

Linux/Linux < 5.8

Linux/Linux 5.10.215 - 5.10.*

Linux/Linux 5.15.155 - 5.15.*

Linux/Linux 5.8

... and 11 more

Published May 19, 2024

Tracked Since Feb 18, 2026