CVE-2024-56767

dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is error, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add check to avoid this.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/3d229600c54e9e0909080ecaf1aab0642aefa5f0
https://git.kernel.org/stable/c/ed1a8aaa344522c0c349ac9042db27ad130ef913
https://git.kernel.org/stable/c/8d364597de9ce2a5f52714224bfe6c2e7a29b303
https://git.kernel.org/stable/c/fdba6d5e455388377ec7e82a5913ddfcc7edd93b patch
https://git.kernel.org/stable/c/e658f1c133b854b2ae799147301d82dddb8f3162 patch
https://git.kernel.org/stable/c/54376d8d26596f98ed7432a788314bb9154bf3e3 patch
https://git.kernel.org/stable/c/c43ec96e8d34399bd9dab2f2dc316b904892133f patch

Frequently Asked Questions

What is the severity of CVE-2024-56767?
CVE-2024-56767 has been scored as a medium severity vulnerability.
How to fix CVE-2024-56767?
To fix CVE-2024-56767, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-56767 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-56767 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-56767?
CVE-2024-56767 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.