SB20250227134 - Reachable assertion in Linux kernel opp driver
Published: February 27, 2025 Updated: May 11, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Reachable assertion (CVE-ID: CVE-2024-57998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the _find_opp_table(), _opp_table_find_key(), _find_key(), _find_key_exact(), _opp_table_find_key_ceil(), _find_key_ceil(), dev_pm_opp_find_freq_exact_indexed(), dev_pm_opp_find_freq_ceil_indexed(), dev_pm_opp_find_freq_floor_indexed(), dev_pm_opp_remove(), _opp_add_v1(), _opp_set_availability() and dev_pm_opp_adjust_voltage() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/774dd6f0f0a61c9c3848e025d7d9eeed1a7ca4cd
- https://git.kernel.org/stable/c/7d68c20638e50d5eb4576492a7958328ae445248
- https://git.kernel.org/stable/c/d659bc68ed489022ea33342cfbda2911a81e7a0d
- https://git.kernel.org/stable/c/da2a6acc73933b7812c94794726e438cde39e037
- https://git.kernel.org/stable/c/eb6ffa0192ba83ece1a318b956265519c5c7dcec
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.76