CVE-2024-45028

MEDIUM EPSS 15.8%
Published Sep 11, 2024 1y ago · Modified Jun 17, 2026 1w ago
5.5 CVSS 3.1

Description

In the Linux kernel, the following vulnerability has been resolved:

mmc: mmc_test: Fix NULL dereference on allocation failure

If the "test->highmem = alloc_pages()" allocation fails then calling __free_pages(test->highmem) will result in a NULL dereference. Also change the error code to -ENOMEM instead of returning success.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 15.8% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-476: NULL Pointer Dereference (Memory Safety)

Affected Products 11

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥2.6.27 – <4.19.321
linux   linux_kernel  *        ≥4.20 – <5.4.283
linux   linux_kernel  *        ≥5.5 – <5.10.225
linux   linux_kernel  *        ≥5.11 – <5.15.166
linux   linux_kernel  *        ≥5.16 – <6.1.107
linux   linux_kernel  *        ≥6.2 – <6.6.48
linux   linux_kernel  *        ≥6.7 – <6.10.7
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890
    Patch