CVE-2024-27413

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size] 295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); | ^ Use the correct type instead here.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b	Patch
https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492	Patch
https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050	Patch
https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64	Patch
https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172	Patch
https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd	Patch
https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f	Patch
https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e	Patch
https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b	Patch
https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492	Patch
https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050	Patch
https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64	Patch
https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172	Patch
https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd	Patch
https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f	Patch
https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e	Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:4.15:-::::::
	cpe:2.3:o:linux:linux_kernel:4.15:rc7::::::
	cpe:2.3:o:linux:linux_kernel:4.15:rc8::::::
	cpe:2.3:o:linux:linux_kernel:4.15:rc9::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc6::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

17 Dec 2025, 19:39

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b -~~	() https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b - Patch
References	~~() https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492 -~~	() https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492 - Patch
References	~~() https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050 -~~	() https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050 - Patch
References	~~() https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64 -~~	() https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64 - Patch
References	~~() https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172 -~~	() https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172 - Patch
References	~~() https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd -~~	() https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd - Patch
References	~~() https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f -~~	() https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f - Patch
References	~~() https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e -~~	() https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -~~	() https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -~~	() https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html - Third Party Advisory
CPE		cpe:2.3:o:linux:linux_kernel:6.8:rc1:::::: cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:4.15:-:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc4:::::: cpe:2.3:o:linux:linux_kernel:4.15:rc9:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc6:::::: cpe:2.3:o:linux:linux_kernel:4.15:rc8:::::: cpe:2.3:o:linux:linux_kernel:4.15:rc7::::::
First Time		Linux Debian Debian debian Linux Linux linux Kernel
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

21 Nov 2024, 09:04

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -
References	~~() https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b -~~	() https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b -
References	~~() https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492 -~~	() https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492 -
References	~~() https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050 -~~	() https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050 -
References	~~() https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64 -~~	() https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64 -
References	~~() https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172 -~~	() https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172 -
References	~~() https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd -~~	() https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd -
References	~~() https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f -~~	() https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f -
References	~~() https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e -~~	() https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e -

05 Nov 2024, 10:16

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~ ~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~

27 Jun 2024, 13:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -

25 Jun 2024, 23:15

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efi/capsule-loader: corrige el tamaño de asignación incorrecto gcc-14 advierte que la asignación con sizeof(void) en arquitecturas de 32 bits no es suficiente para phys_addr_t: drivers de 64 bits /firmware/efi/capsule-loader.c: En función 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: error: asignación de tamaño '4' insuficiente para el tipo 'phys_addr_t' {alias ' long long unsigned int'} con tamaño '8' [-Werror=alloc-size] 295 \| cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); \| ^ Utilice el tipo correcto aquí.
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -

17 May 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-17 12:15

Updated : 2025-12-17 19:39

NVD link : CVE-2024-27413

Mitre link : CVE-2024-27413

CVE.ORG link : CVE-2024-27413

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10