CVE-2024-49860

Public on 2024-10-21
Modified on 2025-01-10
Description

In the Linux kernel, the following vulnerability has been resolved:

ACPI: sysfs: validate return type of _STR method

Severity
Important
See what this means
CVSS v3 Base Score
7.1
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 kernel 2025-02-19 ALAS-2025-1960
Amazon Linux 2 - Core kernel 2025-02-25 ALAS2-2025-2759
Amazon Linux 2 - Kernel-5.10 Extra kernel 2024-10-31 ALAS2KERNEL-5.10-2024-072
Amazon Linux 2 - Kernel-5.15 Extra kernel 2024-10-31 ALAS2KERNEL-5.15-2024-056
Amazon Linux 2 - Kernel-5.4 Extra kernel 2025-01-24 ALAS2KERNEL-5.4-2025-090
Amazon Linux 2023 kernel 2025-01-09 ALAS2023-2025-794
Amazon Linux 2023 kernel-livepatch-6.1.112-124.190 2025-02-05 ALAS2023LIVEPATCH-2025-037

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
NVD CVSSv3 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2024-49860 Mitre: CVE-2024-49860