8750 – (CVE-2024-24863) fix a possible null pointer dereference in malidp_mw_connector_reset

Bug 8750 (CVE-2024-24863) - fix a possible null pointer dereference in malidp_mw_connector_reset

Summary: fix a possible null pointer dereference in malidp_mw_connector_reset

Status:	CONFIRMED

Alias:	CVE-2024-24863

Product:	ANCK 5.10 Dev
Classification:	ANCK
Component:	drivers (show other bugs)	drivers
Sub Component:
Version:	5.10.y-16
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	Shiloong
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-04-12 16:40 UTC by Shiloong
Modified:	2024-04-29 09:36 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Shiloong admin

2024-04-12 16:40:50 UTC

on behalf of 刘怀远 <qq810974084@gmail.com>:

在malidp_mw_connector_reset函数中，调用kzalloc函数申请内存的行为不保证成功，同时没有在解引用前进行检查，从而导致空指针解引用。
该模块被编译进内核中，发生空指针解引用会导致kernel panic并挂起系统

Comment 1 Shiloong admin

2024-04-12 16:45:36 UTC

the bugfix has been accepted by the maintainer:
https://lore.kernel.org/all/20240407063053.5481-1-qq810974084@gmail.com/