CVE-2024-58051
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
06/03/2025
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ipmi: ipmb: Add check devm_kasprintf() returned value<br />
<br />
devm_kasprintf() can return a NULL pointer on failure but this<br />
returned value is not checked.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.3 (including) | 5.4.291 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.235 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.179 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.129 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.76 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.13 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1a8a17c5ce9cb5a82797602bff9819ac732d2ff5
- https://git.kernel.org/stable/c/2378bd0b264ad3a1f76bd957caf33ee0c7945351
- https://git.kernel.org/stable/c/312a6445036d692bc5665307eeafa4508c33c4b5
- https://git.kernel.org/stable/c/4c9caf86d04dcb10e9fd8cd9db8eb79b5bfcc4d8
- https://git.kernel.org/stable/c/a63284d415d4d114abd8be6e66a9558f3ca0702d
- https://git.kernel.org/stable/c/caac520350546e736894d14e051b64a9edb3600c
- https://git.kernel.org/stable/c/e529fbcf1f35f5fc3c839df7f06c3e3d02579715
- https://git.kernel.org/stable/c/eb288ab33fd87579789cb331209ff09e988ff4f7
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html