Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTRIn some case, the GDDV returns a package with a buffer which haszero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).Then the data_vault_read() got NULL point dereference problem whenaccessing the 0x10 value in data_vault.[ 71.024560] BUG: kernel NULL pointer dereference, address:0000000000000010This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR orNULL value in data_vault.
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds