Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

clk: Fix clk_core_get NULL dereference

It is possible for clk_core_get to dereference a NULL in the following sequence:

    clk_core_get()
        of_clk_get_hw_from_clkspec()
            __of_clk_get_hw_from_provider()
                __clk_get_hw()

__clk_get_hw() can return NULL which is dereferenced by clk_core_get() at hw->core.

Prior to commit dde4eff47c82 ("clk: Look for parents with clkdev based clk_lookups") the check IS_ERR_OR_NULL() was performed which would have caught the NULL.

Reading the description of this function it talks about returning NULL but that cannot be so at the moment.

Update the function to check for hw before dereferencing it and return NULL if hw is NULL.
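The pattern described above, as an added user-space model rather than kernel source: a lookup that can return a valid pointer, an error pointer, or NULL, with the error-only check beside the version that also checks for NULL. All `model_*`, `demo_*`, `core_get_*` and `LOOKUP_*` names are hypothetical stand-ins, and the error value is constructed.

```c
/* User-space model of the bug class; every name here is a stand-in. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct model_core { const char *name; };
struct model_hw { struct model_core *core; };
enum lookup_result { LOOKUP_OK, LOOKUP_ERROR, LOOKUP_NULL };

/* Imitation of an error-pointer test: the top 4095 addresses encode errors. */
static int model_is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-4095; }

static struct model_core demo_core = { "demo-clk" };
static struct model_hw demo_hw = { &demo_core };

/* Stand-in for the provider lookup: may yield hw, an error pointer, or NULL. */
static struct model_hw *model_lookup_hw(enum lookup_result r)
{
    if (r == LOOKUP_ERROR)
        return (struct model_hw *)(intptr_t)-2; /* constructed error value */
    return r == LOOKUP_NULL ? NULL : &demo_hw;
}

/* Before: only error pointers are filtered, so NULL reaches hw->core. */
struct model_core *core_get_unchecked(enum lookup_result r)
{
    struct model_hw *hw = model_lookup_hw(r);
    if (model_is_err(hw))
        return (struct model_core *)hw;
    return hw->core; /* NULL dereference when hw == NULL */
}

/* After: check hw before dereferencing it and return NULL if hw is NULL. */
struct model_core *core_get_checked(enum lookup_result r)
{
    struct model_hw *hw = model_lookup_hw(r);
    if (model_is_err(hw))
        return (struct model_core *)hw;
    if (!hw)
        return NULL;
    return hw->core;
}

int main(void)
{
    printf("%s %p\n", core_get_unchecked(LOOKUP_OK)->name,
           (void *)core_get_checked(LOOKUP_NULL));
    return 0;
}
```

Callers of the checked version must treat three outcomes separately: a usable pointer, an error pointer, and NULL.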
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.2, < 5.4.273 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/0efb9ef6fb95384ba631d6819e66f10392aabfa2 (Patch)
- https://git.kernel.org/stable/c/239174535dba11f7b83de0eaaa27909024f8c185 (Patch)
- https://git.kernel.org/stable/c/6f073b24a9e2becd25ac4505a9780a87e621bb51 (Patch)
- https://git.kernel.org/stable/c/a5d9b1aa61b401867b9066d54086b3e4ee91f8ed (Patch)
- https://git.kernel.org/stable/c/a8b2b26fdd011ebe36d68a9a321ca45801685959 (Patch)
- https://git.kernel.org/stable/c/c554badcae9c45b737a22d23454170c6020b90e6 (Patch)
- https://git.kernel.org/stable/c/d7ae7d1265686b55832a445b1db8cdd69738ac07 (Patch)
- https://git.kernel.org/stable/c/e97fe4901e0f59a0bfd524578fe3768f8ca42428 (Patch)
FAQ
What is CVE-2024-27038?
CVE-2024-27038 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_core_get NULL dereference It is possible for clk_core_get to dereference a NULL in the following sequence: clk_core_...
How severe is CVE-2024-27038?
CVE-2024-27038 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-27038?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.