Cristian Marussi

Researcher fromARM
#14076of 53,635
19.1Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2024-3411
5.5
2024-02-13
Linux · Linux Kernel · CVE-2024-26784
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a NULL dereference in the `scmi perf domain remove()` function when the `#power-domain-cells` property is missing in the Device Tree (DT) provided to the system. This causes the probe to bail out early without giving any error, leading to the `->remove()` callback being executed without the expected initialized structures in place. The vulnerability can be exploited to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-8385
5.5
2022-11-15
Linux · Linux Kernel · CVE-2022-49451
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been identified, related to the enumeration of protocols implemented by the SCMI platform. The issue arises from improper validation of the number of returned protocols, which can lead to an overflow and silent bypass of the check if the returned value `loop num ret` is sufficiently large. This vulnerability is related to the `BASE DISCOVER LIST PROTOCOLS` protocol. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-7339
8.1
2022-08-23
Linux · Linux Kernel · CVE-2022-48655
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the Linux kernel's firmware component, specifically the arm scmi module. Accessing reset domains descriptors by index through the SCMI reset operations interface can potentially lead to out-of-bound violations if the SCMI driver misbehaves. An internal consistency check has been added before accessing such domains descriptors to prevent this issue. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.