CVE-2024-38571 : In the Linux kernel, the following vulnerability has been resolved: thermal/dri

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/tsens: Fix null pointer dereference compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c) as compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) which lead to null pointer dereference (if DEBUG or DYNAMIC_DEBUG set). Fix this bug by adding null pointer check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Published 2024-06-19 13:35:37

Updated 2024-08-01 20:24:00

Source Linux

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2024-38571

Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.8.12
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.13 and before (<) 5.15.161
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.9 and before (<) 6.9.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.1.93
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.6.33
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-38571

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-38571

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2024-08-01
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2024-38571

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2024-38571

https://git.kernel.org/stable/c/fcf5f1b5f308f2eb422f6aca55d295b25890906b

thermal/drivers/tsens: Fix null pointer dereference - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/11c731386ed82053c2759b6fea1a82ae946e5e0f

thermal/drivers/tsens: Fix null pointer dereference - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/2d5ca6e4a2872e92a32fdfd87e04dd7d3ced7278

thermal/drivers/tsens: Fix null pointer dereference - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/d998ddc86a27c92140b9f7984ff41e3d1d07a48f

thermal/drivers/tsens: Fix null pointer dereference - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/06d17744b77bc6cb29a6c785f4fad8c4163ee653

thermal/drivers/tsens: Fix null pointer dereference - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/27600e0c5272a262b0903e35ae1df37d33c5c1ad

thermal/drivers/tsens: Fix null pointer dereference - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2024-38571

Products affected by CVE-2024-38571

Exploit prediction scoring system (EPSS) score for CVE-2024-38571

CVSS scores for CVE-2024-38571

CWE ids for CVE-2024-38571

References for CVE-2024-38571