CVE-2024-27037

clk: zynq: Prevent null pointer dereference caused by kmalloc failure

Description

In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc() in zynq_clk_setup() will return null if the physical memory has run out. As a result, if we use snprintf() to write data to the null address, the null pointer dereference bug will happen. This patch uses a stack variable to replace the kmalloc().

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/01511ac7be8e45f80e637f6bf61af2d3d2dee9db patch
https://git.kernel.org/stable/c/8c4889a9ea861d7be37463c10846eb75e1b49c9d patch
https://git.kernel.org/stable/c/0801c893fd48cdba66a3c8f44c3fe43cc67d3b85 patch
https://git.kernel.org/stable/c/ca976c6a592f789700200069ef9052493c0b73d8 patch
https://git.kernel.org/stable/c/58a946ab43501f2eba058d24d96af0ad1122475b patch
https://git.kernel.org/stable/c/7938e9ce39d6779d2f85d822cc930f73420e54a6 patch

Frequently Asked Questions

What is the severity of CVE-2024-27037?
CVE-2024-27037 has been scored as a medium severity vulnerability.
How to fix CVE-2024-27037?
To fix CVE-2024-27037, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27037 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27037 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27037?
CVE-2024-27037 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.