CVE-2024-43824
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-43824
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43824.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-43824
- Downstream
- Related
- Published
- 2024-08-17T10:15:08Z
- Modified
- 2025-08-09T20:01:27Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: pci-epf-test: Make use of cached 'epcfeatures' in pciepftestcore_init()
Instead of getting the epcfeatures from pciepcgetfeatures() API, use the cached pciepftest::epcfeatures value to avoid the NULL check. Since the NULL check is already performed in pciepftestbind(), having one more check in pciepftestcoreinit() is redundant and it is not possible to hit the NULL pointer dereference.
Also with commit a01e7214bef9 ("PCI: endpoint: Remove "coreinitnotifier" flag"), 'epc_features' got dereferenced without the NULL check, leading to the following false positive Smatch warning:
drivers/pci/endpoint/functions/pci-epf-test.c:784 pciepftestcoreinit() error: we previously assumed 'epc_features' could be null (see line 747)
Thus, remove the redundant NULL check and also use the epcfeatures:: {msixcapable/msi_capable} flags directly to avoid local variables.
[kwilczynski: commit log]
- References