CVE-2024-49962: ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() ACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 ACPI_ALLOCATE_ZEROED() may fail, elements might be NULL and will cause NULL pointer dereference later. [ rjw: Subject and changelog edits ]
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | <5.10.227 | |
| Linux kernel | >=5.11<5.15.168 | |
| Linux kernel | >=5.16<6.1.113 | |
| Linux kernel | >=6.2<6.6.55 | |
| Linux kernel | >=6.7<6.10.14 | |
| Linux kernel | >=6.11<6.11.3 | |
| Linux Kernel | <5.10.227 | |
| Linux Kernel | >=5.11<5.15.168 | |
| Linux Kernel | >=5.16<6.1.113 | |
| Linux Kernel | >=6.2<6.6.55 | |
| Linux Kernel | >=6.7<6.10.14 | |
| Linux Kernel | >=6.11<6.11.3 | |
| debian/linux | <=5.10.223-1 | 5.10.234-1 6.1.129-1 6.1.128-1 6.12.21-1 |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/1c9b8775062f8d854a80caf186af57fc617d454c
- https://git.kernel.org/stable/c/402b4c6b7500c7cca6972d2456a4a422801035b5
- https://git.kernel.org/stable/c/4588ea78d3904bebb613b0bb025669e75800f546
- https://git.kernel.org/stable/c/4669da66ebc5b09881487f30669b0fcdb462188e
- https://git.kernel.org/stable/c/a5242874488eba2b9062985bf13743c029821330
- https://git.kernel.org/stable/c/a907c113a8b66972f15f084d7dff960207b1f71d
- https://git.kernel.org/stable/c/ae5d4c7e76ba393d20366dfea1f39f24560ffb1d
- https://git.kernel.org/stable/c/cbb67e245dacd02b5e1d82733892647df1523982
- https://git.kernel.org/stable/c/f282db38953ad71dd4f3f8877a4e1d37e580e30a
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49962
- https://nvd.nist.gov/vuln/detail/CVE-2024-49962
- https://launchpad.net/bugs/cve/CVE-2024-49962
- https://security-tracker.debian.org/tracker/CVE-2024-49962
- https://ubuntu.com/security/CVE-2024-49962
- https://git.kernel.org/linus/a5242874488eba2b9062985bf13743c029821330
Frequently Asked Questions
What is the severity of CVE-2024-49962?
CVE-2024-49962 has been assigned a medium severity score due to the potential for NULL pointer dereference.
How do I fix CVE-2024-49962?
To fix CVE-2024-49962, it is recommended to upgrade to a patched version of the Linux kernel: 6.1.123-1 or later.
Which versions of the Linux kernel are affected by CVE-2024-49962?
CVE-2024-49962 affects Linux kernel versions prior to 5.10.227, and between 5.11 and 5.15.168, 5.16 and 6.1.113, 6.2 and 6.6.55, 6.7 and 6.10.14, and 6.11 up to 6.11.3.
What systems are impacted by CVE-2024-49962?
CVE-2024-49962 impacts any systems running the affected versions of the Linux kernel.
Is there a workaround for CVE-2024-49962 if I cannot upgrade?
Currently, there are no known workarounds for CVE-2024-49962, so applying the patch is the best approach.
- agent/title
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/launchpad-cve
- source/Launchpad
- agent/source
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.11
- package-manager/debian