CVE-2024-45028

mmc: mmc_test: Fix NULL dereference on allocation failure

Description

In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_test: Fix NULL dereference on allocation failure If the "test->highmem = alloc_pages()" allocation fails then calling __free_pages(test->highmem) will result in a NULL dereference. Also change the error code to -ENOMEM instead of returning success.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9 patch
https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06 patch
https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea patch
https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6 patch
https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63 patch
https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c patch
https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890 patch
https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd patch

Frequently Asked Questions

What is the severity of CVE-2024-45028?
CVE-2024-45028 has been scored as a medium severity vulnerability.
How to fix CVE-2024-45028?
To fix CVE-2024-45028, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-45028 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-45028 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-45028?
CVE-2024-45028 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.