CVE-2024-53060
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-53060
CVE Details
| Release Date: | 2024-11-19 |
Description
In the Linux kernel, the following vulnerability has been resolved:\ndrm/amdgpu: prevent NULL pointer dereference if ATIF is not supported\nacpi_evaluate_object() may return AE_NOT_FOUND (failure), which\nwould result in dereferencing buffer.pointer (obj) while being NULL.\nAlthough this case may be unrealistic for the current code, it is\nstill better to protect against possible bugs.\nBail out also when status is AE_NOT_FOUND.\nThis fixes 1 FORWARD_NULL issue reported by Coverity\nReport: CID 1600951: Null pointer dereferences (FORWARD_NULL)\n(cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)
See more information about CVE-2024-53060 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
CVSS v3 metrics
| Base Score: | 5.5 |
| Vector String: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Version: | 3.1 |
| Attack Vector: | Local |
| Attack Complexity: | Low |
| Privileges Required: | Low |
| User Interaction: | None |
| Scope: | Unchanged |
| Confidentiality: | None |
| Integrity: | None |
| Availability: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12884 | 2024-12-16 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12884 | 2024-12-16 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2025-20018 | 2025-01-11 |
| Oracle Linux version 9 (kernel-uek) | ELSA-2025-20018 | 2025-01-11 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
