CVE-2024-27413

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27413
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size] 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); | ^ Use the correct type instead here.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b Patch
https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492 Patch
https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050 Patch
https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64 Patch
https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172 Patch
https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd Patch
https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f Patch
https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e Patch
https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b Patch
https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492 Patch
https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050 Patch
https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64 Patch
https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172 Patch
https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd Patch
https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f Patch
https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.15:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.15:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.15:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.15:rc9:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-05-17 12:15

Updated : 2025-12-17 19:39

NVD link : CVE-2024-27413

Mitre link : CVE-2024-27413

CVE.ORG link : CVE-2024-27413

JSON object : View

Products Affected

debian

  • debian_linux

linux

  • linux_kernel
CWE
NVD-CWE-noinfo