SB2024122708 - NULL pointer dereference in Linux kernel firmware driver
Published: December 27, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024122708
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2024-53157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_dvfs_get_info() function in drivers/firmware/arm_scpi.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/025067eeb945aa17c7dd483a63960125b7efb577
- https://git.kernel.org/stable/c/06258e57fee253f4046d3a6a86d7fde09f596eac
- https://git.kernel.org/stable/c/109aa654f85c5141e813b2cd1bd36d90be678407
- https://git.kernel.org/stable/c/12e2c520a0a4202575e4a45ea41f06a8e9aa3417
- https://git.kernel.org/stable/c/2a5b8de6fcb944f9af0c5fcb30bb0c039705e051
- https://git.kernel.org/stable/c/380c0e1d96f3b522f3170c18ee5e0f1a28fec5d6
- https://git.kernel.org/stable/c/8be4e51f3ecfb0915e3510b600c4cce0dc68a383
- https://git.kernel.org/stable/c/9beaff47bcea5eec7d4ead98f5043057161fd71a
- https://git.kernel.org/stable/c/dfc9c2aa7f04f7db7e7225a5e118a24bf1c3b325
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.11