CVE-2024-36955

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() The documentation for device_get_named_child_node() mentions this important point: " The caller is responsible for calling fwnode_handle_put() on the returned fwnode pointer. " Add fwnode_handle_put() to avoid a leaked reference.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.5 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/722d33c442e66e4aabd3e778958d696ff3a2777e
https://git.kernel.org/stable/c/7db626d2730d3d80fd31638169054b1e507f07bf
https://git.kernel.org/stable/c/7ef6ecf98ce309b1f4e5a25cddd5965d01feea07
https://git.kernel.org/stable/c/bd2d9641a39e6b5244230c4b41c4aca83b54b377
https://git.kernel.org/stable/c/c158cf914713efc3bcdc25680c7156c48c12ef6a

Configurations

No configuration.

History

No history.

Information

Published : 2024-05-30 16:15

Updated : 2024-07-03 02:03

NVD link : CVE-2024-36955

Mitre link : CVE-2024-36955

CVE.ORG link : CVE-2024-36955

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-36955", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.5}]}, "published": "2024-05-30T16:15:18.390", "references": [{"url": "https://git.kernel.org/stable/c/722d33c442e66e4aabd3e778958d696ff3a2777e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7db626d2730d3d80fd31638169054b1e507f07bf", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7ef6ecf98ce309b1f4e5a25cddd5965d01feea07", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bd2d9641a39e6b5244230c4b41c4aca83b54b377", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c158cf914713efc3bcdc25680c7156c48c12ef6a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()\n\nThe documentation for device_get_named_child_node() mentions this\nimportant point:\n\n\"\nThe caller is responsible for calling fwnode_handle_put() on the\nreturned fwnode pointer.\n\"\n\nAdd fwnode_handle_put() to avoid a leaked reference."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: intel-sdw-acpi: corrige el uso de device_get_named_child_node() La documentaci\u00f3n para device_get_named_child_node() menciona este punto importante: \"La persona que llama es responsable de llamar a fwnode_handle_put() en el puntero fwnode devuelto. \"Agregue fwnode_handle_put() para evitar una referencia filtrada."}], "lastModified": "2024-07-03T02:03:54.210", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}