CVE-2024-50070

MEDIUM

Linux Kernel 6.6-6.6.58 6.7-6.11.5 - NULL Pointer Dereference in pinctrl stm32

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: pinctrl: stm32: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/a8d52de0a6c6b091b2771bcb98ce408cf9d69fe3

Patch

https://git.kernel.org/stable/c/3b36bb1fca2b87f6292ca2a8593f297c5e9fab41

Patch

https://git.kernel.org/stable/c/1f266957ae1207b0717c2d69096bc70654ae9fcb

Patch

https://git.kernel.org/stable/c/b0f0e3f0552a566def55c844b0d44250c58e4df6

Scores

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 10.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (13)

linux/Kernel 6.6.0 - 6.6.58linux

linux/Kernel 6.7.0 - 6.11.5linux

Linux/Linux < 6.6

Linux/Linux 32c170ff15b044579b1f8b8cdabf543406dde9da - 1f266957ae1207b0717c2d69096bc70654ae9fcb

Linux/Linux 32c170ff15b044579b1f8b8cdabf543406dde9da - 3b36bb1fca2b87f6292ca2a8593f297c5e9fab41

Linux/Linux 32c170ff15b044579b1f8b8cdabf543406dde9da - b0f0e3f0552a566def55c844b0d44250c58e4df6

Linux/Linux 6.11.5 - 6.11.*

Linux/Linux 6.12

Linux/Linux 6.6

Linux/Linux 6.6.58 - 6.6.*

... and 3 more

Published Oct 29, 2024

Tracked Since Feb 18, 2026