Описание
[REJECTED CVE] A NULL pointer dereference issue was identified in the Linux kernel within the ACPI subsystem's extlog module. In the extlog_exit() function, the extlog_l1_addr pointer was dereferenced before verifying if it was NULL, potentially causing system instability or crashes during the cleanup process.
Отчет
This CVE has been rejected upstream:- https://lore.kernel.org/linux-cve-announce/20240318151025.2952751-2-lee@kernel.org/
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2024:7001 | 24.09.2024 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:7000 | 24.09.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:2627 | 11.03.2025 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:2627 | 11.03.2025 |
| Red Hat Enterprise Linux 9.4 Extended Update Support | kernel | Fixed | RHSA-2025:3021 | 19.03.2025 |
Показывать по
Дополнительная информация
Статус:
4.4 Medium
CVSS3
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
In the Linux kernel, the following vulnerability has been resolved: ACPI: extlog: fix NULL pointer dereference check The gcc plugin -fanalyzer [1] tries to detect various patterns of incorrect behaviour. The tool reports: drivers/acpi/acpi_extlog.c: In function ‘extlog_exit’: drivers/acpi/acpi_extlog.c:307:12: warning: check of ‘extlog_l1_addr’ for NULL after already dereferencing it [-Wanalyzer-deref-before-check] | | 306 | ((struct extlog_l1_head *)extlog_l1_addr)->flags &= ~FLAG_OS_OPTIN; | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~ | | | | | (1) pointer ‘extlog_l1_addr’ is dereferenced here | 307 | if (extlog_l1_addr) | | ~ | | | | | (2) pointer ‘extlog_l1_addr’ is checked for NULL here but it was already dereferenced at (1) | ...
4.4 Medium
CVSS3