CVE-2024-43824

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the PCI endpoint in the Linux kernel, specifically with the pci epf test core init() function. Instead of getting epc features from the pci epc get features() API, the cached pci epf test::epc features value is used to avoid a NULL check. The NULL check is already performed in pci epf test bind(), making the additional check in pci epf test core init() redundant. A commit removed the "core init notifier" flag, leading to a false positive Smatch warning. The fix involves removing the redundant NULL check and using the epc features flags directly.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2025-12647

AZL-48501

AZL-48514

BDU:2025-02971

CVE-2024-43824

ECHO-21A2-9849-0C23

OESA-2024-2076

OESA-2024-2106

OESA-2024-2107

OESA-2024-2108

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-7154-1

USN-7154-2

USN-7155-1

USN-7156-1

USN-7196-1

Affected Products

Alt Linux

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2024-43824

Weakness Enumeration

Related Identifiers

Affected Products

References · 1716