CVE-2024-38573

Updated: 2024-08-13 02:04:36.64286

Description:

In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check. Found by Linux Verification Center (linuxtesting.org) with SVACE.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Ignored 2024-08-13 14:24:47
AlmaLinux 9.2 FIPS kernel 5.14.0 5.5 MEDIUM Ignored 2024-08-13 14:24:47
CentOS 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-08-13 14:24:47
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-08-13 14:24:47
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-08-20 05:25:46
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-08-20 05:25:46
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-08-20 05:25:46
CloudLinux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-08-13 14:24:47
CloudLinux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-08-13 14:24:47
Oracle Linux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-08-13 14:24:47