CVE-2024-33619

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-33619

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33619.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-33619

Downstream

BELL-CVE-2024-33619

DEBIAN-CVE-2024-33619

OESA-2024-1960

SUSE-SU-2024:2372-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2024-33619

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7008-1

USN-7029-1

Related

Published

2024-06-21T11:15:09Z

Modified

2025-08-09T19:01:28Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

efi: libstub: only free priv.runtime_map when allocated

priv.runtimemap is only allocated when efinovamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an uninitialized value to freepool. Free priv.runtimemap only when it was allocated.

This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc.

References

Affected packages