CVE-2024-38573: cppc_cpufreq: Fix possible null pointer dereference
In the Linux kernel, the following vulnerability has been resolved:
cppc_cpufreq: Fix possible null pointer dereference
cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Other sources
The Linux kernel CVE team has assigned CVE-2024-38573 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024061957-CVE-2024-38573-d4b6@gregkh/T
— Red Hat
Frequently Asked Questions
What is the severity of CVE-2024-38573?
CVE-2024-38573 has a medium severity level due to the potential for null pointer dereference in the Linux kernel.
How do I fix CVE-2024-38573?
To fix CVE-2024-38573, upgrade the kernel to version 5.15.161 or higher, 6.1.93 or higher, or the appropriate patched version from Red Hat or Debian.
Which Linux kernel versions are affected by CVE-2024-38573?
CVE-2024-38573 affects multiple Linux kernel versions including those under Red Hat up to 5.15.161, 6.1.93, and others specified in the advisory.
Is CVE-2024-38573 present in Debian Linux distributions?
Yes, CVE-2024-38573 is present in specific Debian Linux kernel versions such as 5.10.223-1 and 6.1.123-1, among others.
What systems could be impacted by CVE-2024-38573?
Systems running affected versions of the Linux kernel from Red Hat and Debian may experience issues due to CVE-2024-38573.
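The remediation answer above can be turned into a host triage check. The script below is an added example, not part of the advisory or the kernel project. It compares a kernel release string against the two fixed stable versions named on this page (5.15.161 and 6.1.93) and checks whether cppc_cpufreq is the active cpufreq driver. The function names and result labels are assumptions of this example, as is reading the active driver from the standard cpufreq sysfs file.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a host for CVE-2024-38573.

# first_fixed SERIES: first fixed patch level for a stable series named on this
# page; prints nothing for series the page does not list.
first_fixed() {
    case "$1" in
        5.15) echo 161 ;;
        6.1)  echo 93 ;;
    esac
}

# classify_kernel RELEASE: prints fixed | below-fix | vendor | unknown
classify_kernel() {
    release=$1
    base=${release%%[-+]*}                  # strip "-28-amd64", "+" and similar
    series=$(echo "$base" | cut -d. -f1,2)
    patch=$(echo "$base" | cut -d. -f3)
    case "$patch" in ''|*[!0-9]*) echo unknown; return ;; esac
    # A suffix marks a distro or locally patched build: the fix may be
    # backported and the third number may be an ABI counter, so the upstream
    # thresholds do not apply. Use the vendor advisory instead.
    if [ "$base" != "$release" ]; then echo vendor; return; fi
    fixed=$(first_fixed "$series")
    if [ -z "$fixed" ]; then echo unknown; return; fi
    if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo below-fix; fi
}

# triage RELEASE DRIVER: the patched functions live in the cppc_cpufreq driver,
# so report driver-inactive when a different cpufreq driver (or none) is in use.
triage() {
    if [ "$2" != "cppc_cpufreq" ]; then echo driver-inactive; return; fi
    classify_kernel "$1"
}

# On a live host:
#   triage "$(uname -r)" \
#     "$(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_driver 2>/dev/null)"
```

A `vendor` or `unknown` result means the release string alone cannot settle the question; check the package version against the Red Hat or Debian advisory.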