Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-36479

Disclosure Date: June 24, 2024 •

CVE-2024-36479 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

fpga: bridge: add owner module and take its refcount

The current implementation of the fpga bridge assumes that the low-level
module registers a driver for the parent device and uses its owner pointer
to take the module’s refcount. This approach is problematic since it can
lead to a null pointer dereference while attempting to get the bridge if
the parent device does not have a driver.

To address this problem, add a module owner pointer to the fpga_bridge
struct and use it to take the module’s refcount. Modify the function for
registering a bridge to take an additional owner module parameter and
rename it to avoid conflicts. Use the old function name for a helper macro
that automatically sets the module that registers the bridge as the owner.
This ensures compatibility with existing low-level control modules and
reduces the chances of registering a bridge without setting the owner.

Also, update the documentation to keep it consistent with the new interface
for registering an fpga bridge.

Other changes: opportunistically move put_device() from __fpga_bridge_get()
to fpga_bridge_get() and of_fpga_bridge_get() to improve code clarity since
the bridge device is taken in these functions.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

References

Canonical

CVE-2024-36479 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36479)

Miscellaneous

https://git.kernel.org/stable/c/d7c4081c54a1d4068de9440957303a76f9e5c95b

https://git.kernel.org/stable/c/6896b6b2e2d9ec4e1b0acb4c1698a75a4b34d125

https://git.kernel.org/stable/c/1da11f822042eb6ef4b6064dc048f157a7852529

https://git.kernel.org/stable/c/18dc8366abb6cadcb77668b1a16434654e355d49

Rapid7

Unknown

CVE-2024-36479

Unknown

Unknown

None

Low

Local

CVE-2024-36479

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-36479

Unknown

Unknown

None

Low

Local

CVE-2024-36479

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification