GoogleOSV:CVE-2024-39466

HistoryJun 25, 2024 - 3:15 p.m.

CVE-2024-39466

2024-06-2515:15:15

Google

osv.dev

linux

kernel

vulnerability

thermal driver

fix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

thermal/drivers/qcom/lmh: Check for SCM availability at probe

Up until now, the necessary scm availability check has not been
performed, leading to possible null pointer dereferences (which did
happen for me on RB1).

Fix that.

References

git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464

git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3

git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665

git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b

git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be

security-tracker.debian.org/tracker/CVE-2024-39466

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

5.0%

JSON

Related for OSV:CVE-2024-39466