Search for vulnerabilities
| Vulnerability ID | VCID-xbjr-1gre-fufw |
| Aliases |
CVE-2024-43824
|
| Summary | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() Instead of getting the epc_features from pci_epc_get_features() API, use the cached pci_epf_test::epc_features value to avoid the NULL check. Since the NULL check is already performed in pci_epf_test_bind(), having one more check in pci_epf_test_core_init() is redundant and it is not possible to hit the NULL pointer dereference. Also with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier" flag"), 'epc_features' got dereferenced without the NULL check, leading to the following false positive Smatch warning: drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed 'epc_features' could be null (see line 747) Thus, remove the redundant NULL check and also use the epc_features:: {msix_capable/msi_capable} flags directly to avoid local variables. [kwilczynski: commit log] |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 4.0 |
| Risk | 2.0 |
| Affected and Fixed Packages | Package Details |
| CWE-476 | NULL Pointer Dereference |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43824.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2024-43824 | ||
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43824 | ||
| https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml | ||
| 2305482 | https://bugzilla.redhat.com/show_bug.cgi?id=2305482 | |
| 5a5095a8bd1bd349cce1c879e5e44407a34dda8a | https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a | |
| af4ad016abb1632ff7ee598a6037952b495e5b80 | https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80 | |
| USN-7154-1 | https://usn.ubuntu.com/7154-1/ | |
| USN-7154-2 | https://usn.ubuntu.com/7154-2/ | |
| USN-7155-1 | https://usn.ubuntu.com/7155-1/ | |
| USN-7156-1 | https://usn.ubuntu.com/7156-1/ | |
| USN-7196-1 | https://usn.ubuntu.com/7196-1/ |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.01037 |
| EPSS Score | 9e-05 |
| Published At | June 7, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T16:51:19.136116+00:00 | Debian Importer | Import | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |