CVE-2024-58051

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-58051
In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: Add check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/1a8a17c5ce9cb5a82797602bff9819ac732d2ff5 Patch
https://git.kernel.org/stable/c/2378bd0b264ad3a1f76bd957caf33ee0c7945351 Patch
https://git.kernel.org/stable/c/312a6445036d692bc5665307eeafa4508c33c4b5 Patch
https://git.kernel.org/stable/c/4c9caf86d04dcb10e9fd8cd9db8eb79b5bfcc4d8 Patch
https://git.kernel.org/stable/c/a63284d415d4d114abd8be6e66a9558f3ca0702d Patch
https://git.kernel.org/stable/c/caac520350546e736894d14e051b64a9edb3600c Patch
https://git.kernel.org/stable/c/e529fbcf1f35f5fc3c839df7f06c3e3d02579715 Patch
https://git.kernel.org/stable/c/eb288ab33fd87579789cb331209ff09e988ff4f7 Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

03 Nov 2025, 20:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html -
  • () https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html -

28 Oct 2025, 02:49

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
First Time Linux linux Kernel
Linux
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/1a8a17c5ce9cb5a82797602bff9819ac732d2ff5 - () https://git.kernel.org/stable/c/1a8a17c5ce9cb5a82797602bff9819ac732d2ff5 - Patch
References () https://git.kernel.org/stable/c/2378bd0b264ad3a1f76bd957caf33ee0c7945351 - () https://git.kernel.org/stable/c/2378bd0b264ad3a1f76bd957caf33ee0c7945351 - Patch
References () https://git.kernel.org/stable/c/312a6445036d692bc5665307eeafa4508c33c4b5 - () https://git.kernel.org/stable/c/312a6445036d692bc5665307eeafa4508c33c4b5 - Patch
References () https://git.kernel.org/stable/c/4c9caf86d04dcb10e9fd8cd9db8eb79b5bfcc4d8 - () https://git.kernel.org/stable/c/4c9caf86d04dcb10e9fd8cd9db8eb79b5bfcc4d8 - Patch
References () https://git.kernel.org/stable/c/a63284d415d4d114abd8be6e66a9558f3ca0702d - () https://git.kernel.org/stable/c/a63284d415d4d114abd8be6e66a9558f3ca0702d - Patch
References () https://git.kernel.org/stable/c/caac520350546e736894d14e051b64a9edb3600c - () https://git.kernel.org/stable/c/caac520350546e736894d14e051b64a9edb3600c - Patch
References () https://git.kernel.org/stable/c/e529fbcf1f35f5fc3c839df7f06c3e3d02579715 - () https://git.kernel.org/stable/c/e529fbcf1f35f5fc3c839df7f06c3e3d02579715 - Patch
References () https://git.kernel.org/stable/c/eb288ab33fd87579789cb331209ff09e988ff4f7 - () https://git.kernel.org/stable/c/eb288ab33fd87579789cb331209ff09e988ff4f7 - Patch
CWE CWE-476

13 Mar 2025, 13:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/1a8a17c5ce9cb5a82797602bff9819ac732d2ff5 -
  • () https://git.kernel.org/stable/c/caac520350546e736894d14e051b64a9edb3600c -
  • () https://git.kernel.org/stable/c/eb288ab33fd87579789cb331209ff09e988ff4f7 -
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipmi: ipmb: Agregar verificación del valor devuelto por devm_kasprintf() devm_kasprintf() puede devolver un puntero NULL en caso de error, pero este valor devuelto no se verifica.

06 Mar 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-06 16:15

Updated : 2025-11-03 20:16

NVD link : CVE-2024-58051

Mitre link : CVE-2024-58051

CVE.ORG link : CVE-2024-58051

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference