CVE-2024-49860

ACPI: sysfs: validate return type of _STR method

Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.

Category

7.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/92fd5209fc014405f63a7db79802ca4b01dc0c05
https://git.kernel.org/stable/c/2364b6af90c6b6d8a4783e0d3481ca80af699554
https://git.kernel.org/stable/c/4b081991c4363e072e1748efed0bbec8a77daba5 patch
https://git.kernel.org/stable/c/0cdfb9178a3bba843c95c2117c82c15f1a64b9ce patch
https://git.kernel.org/stable/c/5c8d007c14aefc3f2ddf71e4c40713733dc827be patch
https://git.kernel.org/stable/c/f0921ecd4ddc14646bb5511f49db4d7d3b0829f0 patch
https://git.kernel.org/stable/c/f51e5a88f2e7224858b261546cf6b3037dfb1323 patch
https://git.kernel.org/stable/c/f51f711d36e61fbb87c67b524fd200e05172668d patch
https://git.kernel.org/stable/c/4bb1e7d027413835b086aed35bc3f0713bc0f72b patch

Frequently Asked Questions

What is the severity of CVE-2024-49860?
CVE-2024-49860 has been scored as a high severity vulnerability.
How to fix CVE-2024-49860?
To fix CVE-2024-49860, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-49860 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-49860 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-49860?
CVE-2024-49860 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.