CVE-2024-49860

ACPI: sysfs: validate return type of _STR method

Published: 10/21/2024 Last updated: 11/3/2025 Reserved: 10/21/2024

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.

CNA assigner: Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67) Requested by: n/a

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (2)

Product	Vendor	Version
Linux	Linux	<= 6.6.*
Linux	Linux	< 11.*

References (22)

https://git.kernel.org/stable/c/92fd5209fc014405f63a7db79802ca4b01dc0c05
https://git.kernel.org/stable/c/2364b6af90c6b6d8a4783e0d3481ca80af699554
https://git.kernel.org/stable/c/4b081991c4363e072e1748efed0bbec8a77daba5
https://git.kernel.org/stable/c/0cdfb9178a3bba843c95c2117c82c15f1a64b9ce
https://git.kernel.org/stable/c/5c8d007c14aefc3f2ddf71e4c40713733dc827be
https://git.kernel.org/stable/c/f0921ecd4ddc14646bb5511f49db4d7d3b0829f0
https://git.kernel.org/stable/c/f51e5a88f2e7224858b261546cf6b3037dfb1323
https://git.kernel.org/stable/c/f51f711d36e61fbb87c67b524fd200e05172668d
https://git.kernel.org/stable/c/4bb1e7d027413835b086aed35bc3f0713bc0f72b
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://git.kernel.org/stable/c/92fd5209fc014405f63a7db79802ca4b01dc0c05
https://git.kernel.org/stable/c/2364b6af90c6b6d8a4783e0d3481ca80af699554
https://git.kernel.org/stable/c/4b081991c4363e072e1748efed0bbec8a77daba5
https://git.kernel.org/stable/c/0cdfb9178a3bba843c95c2117c82c15f1a64b9ce
https://git.kernel.org/stable/c/5c8d007c14aefc3f2ddf71e4c40713733dc827be
https://git.kernel.org/stable/c/f0921ecd4ddc14646bb5511f49db4d7d3b0829f0
https://git.kernel.org/stable/c/f51e5a88f2e7224858b261546cf6b3037dfb1323
https://git.kernel.org/stable/c/f51f711d36e61fbb87c67b524fd200e05172668d
https://git.kernel.org/stable/c/4bb1e7d027413835b086aed35bc3f0713bc0f72b
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html