PT-2024-30685 · Linux+8 · Linux Kernel+8
Published
2024-05-05
·
Updated
2026-05-26
·
CVE-2024-43823
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.50
Description
The issue is related to a NULL pointer dereference in the Linux kernel, specifically in the PCI: keystone component. This occurs when
IORESOURCE MEM is not provided in the Device Tree due to an error, causing resource list first type() to return NULL. As a result, pci parse request of pci ranges() emits a warning, leading to a NULL pointer dereference. The problem is fixed by adding a NULL return check.Technical details about exploitation include:
- The function
ks pcie setup rc app regs()is involved in the vulnerability. - The
resource list first type()function returnsNULLwhenIORESOURCE MEMis not provided. - The
pci parse request of pci ranges()function emits a warning instead of handling the error properly.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider adding a NULL return check in the
ks pcie setup rc app regs() function to prevent the NULL pointer dereference. Restrict access to the vulnerable PCI: keystone component to minimize the risk of exploitation until a patch is available.Exploit
Fix
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu