CVE-2024-50070

medium

Description

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: stm32: check devm_kasprintf() returned value

devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value.

Found by code review.

References

https://git.kernel.org/stable/c/b0f0e3f0552a566def55c844b0d44250c58e4df6

https://git.kernel.org/stable/c/a8d52de0a6c6b091b2771bcb98ce408cf9d69fe3

https://git.kernel.org/stable/c/3b36bb1fca2b87f6292ca2a8593f297c5e9fab41

https://git.kernel.org/stable/c/1f266957ae1207b0717c2d69096bc70654ae9fcb

Details

Source: Mitre, NVD

Published: 2024-10-29

Updated: 2025-02-21

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium