CVE-2024-49860

ACPI: sysfs: validate return type of _STR method

Published: 10/21/2024 Last updated: 5/4/2025 Reserved: 10/21/2024

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.

CNA assigner: Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (2)

Product	Vendor	Version
Linux	Linux	Web Console 2 all versions
Linux	Linux	8.1 for x64-based systems

References (9)

https://git.kernel.org/stable/c/92fd5209fc014405f63a7db79802ca4b01dc0c05
https://git.kernel.org/stable/c/2364b6af90c6b6d8a4783e0d3481ca80af699554
https://git.kernel.org/stable/c/4b081991c4363e072e1748efed0bbec8a77daba5
https://git.kernel.org/stable/c/0cdfb9178a3bba843c95c2117c82c15f1a64b9ce
https://git.kernel.org/stable/c/5c8d007c14aefc3f2ddf71e4c40713733dc827be
https://git.kernel.org/stable/c/f0921ecd4ddc14646bb5511f49db4d7d3b0829f0
https://git.kernel.org/stable/c/f51e5a88f2e7224858b261546cf6b3037dfb1323
https://git.kernel.org/stable/c/f51f711d36e61fbb87c67b524fd200e05172668d
https://git.kernel.org/stable/c/4bb1e7d027413835b086aed35bc3f0713bc0f72b