Description

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() Instead of getting the epc_features from pci_epc_get_features() API, use the cached pci_epf_test::epc_features value to avoid the NULL check. Since the NULL check is already performed in pci_epf_test_bind(), having one more check in pci_epf_test_core_init() is redundant and it is not possible to hit the NULL pointer dereference. Also with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier" flag"), 'epc_features' got dereferenced without the NULL check, leading to the following false positive Smatch warning: drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed 'epc_features' could be null (see line 747) Thus, remove the redundant NULL check and also use the epc_features:: {msix_capable/msi_capable} flags directly to avoid local variables. [kwilczynski: commit log]

INFO

Published Date :

2024-08-17T09:21:44.483Z

Last Modified :

2025-05-04T09:27:05.094Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-43824 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-43824.

URL Resource
https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a cve-icon cve-icon
https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-43824 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-43824 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact