{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-27413","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-25T13:47:42.682Z","datePublished":"2024-05-17T11:50:53.780Z","dateUpdated":"2026-05-11T20:10:32.564Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:10:32.564Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nefi/capsule-loader: fix incorrect allocation size\n\ngcc-14 notices that the allocation with sizeof(void) on 32-bit architectures\nis not enough for a 64-bit phys_addr_t:\n\ndrivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':\ndrivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size]\n  295 |         cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);\n      |                        ^\n\nUse the correct type instead here."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/firmware/efi/capsule-loader.c"],"versions":[{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"00cf21ac526011a29fc708f8912da446fac19f7b","status":"affected","versionType":"git"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"950d4d74d311a18baed6878dbfba8180d7e5dddd","status":"affected","versionType":"git"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"537e3f49dbe88881a6f0752beaa596942d9efd64","status":"affected","versionType":"git"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"4b73473c050a612fb4317831371073eda07c3050","status":"affected","versionType":"git"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"ddc547dd05a46720866c32022300f7376c40119f","status":"affected","versionType":"git"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"11aabd7487857b8e7d768fefb092f66dfde68492","status":"affected","versionType":"git"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"62a5dcd9bd3097e9813de62fa6f22815e84a0172","status":"affected","versionType":"git"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e","status":"affected","versionType":"git"},{"version":"95a362c9a6892085f714eb6e31eea6a0e3aa93bf","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/firmware/efi/capsule-loader.c"],"versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","status":"unaffected","versionType":"semver"},{"version":"4.19.309","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.271","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.212","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.151","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.81","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.21","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.9","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.309"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.4.271"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.212"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.15.151"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.1.81"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.6.21"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.7.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b"},{"url":"https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd"},{"url":"https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64"},{"url":"https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050"},{"url":"https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f"},{"url":"https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492"},{"url":"https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172"},{"url":"https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e"}],"title":"efi/capsule-loader: fix incorrect allocation size","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-17T17:39:33.014498Z","id":"CVE-2024-27413","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-17T17:43:44.618Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:34:52.364Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]}]}]},"dataVersion":"5.2"}