CVE-2024-49962

MEDIUM · EPSS 16.1%
Published Oct 21, 2024 (1y ago) · Modified Jun 17, 2026 (1w ago)
CVSS 3.1: 5.5 (Medium)

Description

In the Linux kernel, the following vulnerability has been resolved:

ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()

ACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0

ACPI_ALLOCATE_ZEROED() may fail, elements might be NULL and will cause NULL pointer dereference later.

[ rjw: Subject and changelog edits ]

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
16.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 6

Vendor  Product       Version  Range
linux   linux_kernel  *        <5.10.227
linux   linux_kernel  *        ≥5.11 – <5.15.168
linux   linux_kernel  *        ≥5.16 – <6.1.113
linux   linux_kernel  *        ≥6.2 – <6.6.55
linux   linux_kernel  *        ≥6.7 – <6.10.14
linux   linux_kernel  *        ≥6.11 – <6.11.3

References 11

  • git.kernel.org https://git.kernel.org/stable/c/1c9b8775062f8d854a80caf186af57fc617d454c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/402b4c6b7500c7cca6972d2456a4a422801035b5
  • git.kernel.org https://git.kernel.org/stable/c/4588ea78d3904bebb613b0bb025669e75800f546
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4669da66ebc5b09881487f30669b0fcdb462188e
  • git.kernel.org https://git.kernel.org/stable/c/a5242874488eba2b9062985bf13743c029821330
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a907c113a8b66972f15f084d7dff960207b1f71d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ae5d4c7e76ba393d20366dfea1f39f24560ffb1d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cbb67e245dacd02b5e1d82733892647df1523982
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f282db38953ad71dd4f3f8877a4e1d37e580e30a
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1c9b8775062f8d854a80caf186af57fc617d454c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4588ea78d3904bebb613b0bb025669e75800f546
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a5242874488eba2b9062985bf13743c029821330
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a907c113a8b66972f15f084d7dff960207b1f71d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ae5d4c7e76ba393d20366dfea1f39f24560ffb1d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cbb67e245dacd02b5e1d82733892647df1523982
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f282db38953ad71dd4f3f8877a4e1d37e580e30a
    Patch