medium
5.5
CWE
476
Advisory Published
CVE Published
Updated

CVE-2024-27038: clk: Fix clk_core_get NULL dereference

First published: Wed May 01 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_core_get NULL dereference It is possible for clk_core_get to dereference a NULL in the following sequence: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider() __clk_get_hw() __clk_get_hw() can return NULL which is dereferenced by clk_core_get() at hw->core. Prior to commit dde4eff47c82 ("clk: Look for parents with clkdev based clk_lookups") the check IS_ERR_OR_NULL() was performed which would have caught the NULL. Reading the description of this function it talks about returning NULL but that cannot be so at the moment. Update the function to check for hw before dereferencing it and return NULL if hw is NULL.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
redhat/kernel<5.4.273
5.4.273
redhat/kernel<5.10.214
5.10.214
redhat/kernel<5.15.153
5.15.153
redhat/kernel<6.1.83
6.1.83
redhat/kernel<6.6.23
6.6.23
redhat/kernel<6.7.11
6.7.11
redhat/kernel<6.8.2
6.8.2
redhat/kernel<6.9
6.9
Linux kernel>=5.2<5.4.273
Linux kernel>=5.5<5.10.214
Linux kernel>=5.11<5.15.153
Linux kernel>=5.16<6.1.83
Linux kernel>=6.2<6.6.23
Linux kernel>=6.7<6.7.11
Linux kernel>=6.8<6.8.2
Debian=10.0
debian/linux
5.10.223-1
5.10.234-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.16-1

Remedy

https://git.kernel.org/stable/c/0efb9ef6fb95384ba631d6819e66f10392aabfa2

Remedy

https://git.kernel.org/stable/c/239174535dba11f7b83de0eaaa27909024f8c185

Remedy

https://git.kernel.org/stable/c/6f073b24a9e2becd25ac4505a9780a87e621bb51

Remedy

https://git.kernel.org/stable/c/a5d9b1aa61b401867b9066d54086b3e4ee91f8ed

Remedy

https://git.kernel.org/stable/c/a8b2b26fdd011ebe36d68a9a321ca45801685959

Remedy

https://git.kernel.org/stable/c/c554badcae9c45b737a22d23454170c6020b90e6

Remedy

https://git.kernel.org/stable/c/d7ae7d1265686b55832a445b1db8cdd69738ac07

Remedy

https://git.kernel.org/stable/c/e97fe4901e0f59a0bfd524578fe3768f8ca42428

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-27038?

    CVE-2024-27038 has been identified as a significant vulnerability due to its potential for causing a NULL dereference in the Linux kernel.

  • How do I fix CVE-2024-27038?

    To remediate CVE-2024-27038, upgrade to the kernel version 5.4.273 or newer, 5.10.214 or newer, 5.15.153 or newer, 6.1.83 or newer, 6.6.23 or newer, 6.7.11 or newer, 6.8.2, or 6.9.

  • Which systems are affected by CVE-2024-27038?

    CVE-2024-27038 affects various versions of the Linux kernel from 5.2 up to 6.9 and specific Debian Linux version 10.0.

  • What is the impact of CVE-2024-27038?

    The impact of CVE-2024-27038 includes possible system crashes or instability due to NULL pointer dereference.

  • Has CVE-2024-27038 been resolved?

    Yes, CVE-2024-27038 has been resolved through patches in the updated kernel versions listed in the remediation section.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203