Updated: 2024-06-13 05:21:12.665191
Description:
In the Linux kernel, the following vulnerability has been resolved:

efi/capsule-loader: fix incorrect allocation size

gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t:

    drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':
    drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size]
      295 |         cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);
          |                        ^

Use the correct type instead here.

| Links | NIST | CIRCL | RHEL | Ubuntu |

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.5 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 5.5 | MEDIUM | Released | CLSA-2024:1718951563 | 2024-06-21 05:19:52 | |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 5.5 | MEDIUM | Not Vulnerable | | 2024-06-14 10:10:15 | |
| Ubuntu 18.04 ELS | linux | 4.15.0 | 5.5 | MEDIUM | Released | CLSA-2024:1718950178 | 2024-06-21 02:55:55 | |