CVE-2024-38573

Advisory lineage Upstream: 0 Downstream: 29

Downstream

DEBIAN-CVE-2024-38573 MGASA-2024-0263 MGASA-2024-0266 RHSA-2024:5101 RHSA-2024:5102 RHSA-2024:6744

Analyzed

Published: 19 Jun 2024, 13:35

Last modified:11 May 2026, 20:19

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (cve.org)

EPSS Score

0.07% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Jun 2024, 13:35

Published

Vulnerability first disclosed

11 May 2026, 20:19

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.07%• Percentile: 22%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ a28b2bfc099c6b9caa6ef697660408e076a32019, < 9a185cc5a79ba408e1c73375706630662304f618 | ≥ a28b2bfc099c6b9caa6ef697660408e076a32019, < 769c4f355b7962895205b86ad35617873feef9a5 | ≥ a28b2bfc099c6b9caa6ef697660408e076a32019, < f84b9b25d045e67a7eee5e73f21278c8ab06713c | ≥ a28b2bfc099c6b9caa6ef697660408e076a32019, < b18daa4ec727c0266de5bfc78e818d168cc4aedf | ≥ a28b2bfc099c6b9caa6ef697660408e076a32019, < dfec15222529d22b15e5b0d63572a9e39570cab4 | ≥ a28b2bfc099c6b9caa6ef697660408e076a32019, < cf7de25878a1f4508c69dc9f6819c21ba177dbfe | 5.11
linux•linux_kernel
≥ 5.11, < 5.15.161 | ≥ 5.16, < 6.1.93 | ≥ 6.2, < 6.6.33 | ≥ 6.7, < 6.8.12 | ≥ 6.9, < 6.9.3