{"id":"CVE-2024-56662","summary":"acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nacpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl\n\nFix an issue detected by syzbot with KASAN:\n\nBUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/\ncore.c:416 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0\ndrivers/acpi/nfit/core.c:459\n\nThe issue occurs in cmd_to_func when the call_pkg-\u003end_reserved2\narray is accessed without verifying that call_pkg points to a buffer\nthat is appropriately sized as a struct nd_cmd_pkg. This can lead\nto out-of-bounds access and undefined behavior if the buffer does not\nhave sufficient space.\n\nTo address this, a check was added in acpi_nfit_ctl() to ensure that\nbuf is not NULL and that buf_len is less than sizeof(*call_pkg)\nbefore accessing it. This ensures safe access to the members of\ncall_pkg, including the nd_reserved2 array.","modified":"2026-05-18T05:57:59.859587023Z","published":"2024-12-27T15:06:24.661Z","related":["ALSA-2025:20095","ALSA-2025:20518","SUSE-SU-2025:0289-1","SUSE-SU-2025:0428-1","SUSE-SU-2025:0499-1","SUSE-SU-2025:0557-1","SUSE-SU-2025:0565-1","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","USN-7379-2","USN-7380-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56662.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/143f723e9eb4f0302ffb7adfdc7ef77eab3f68e0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/212846fafb753a48e869e2a342fc1e24048da771"},{"type":"WEB","url":"https://git.kernel.org/stable/c/265e98f72bac6c41a4492d3e30a8e5fd22fe0779"},{"type":"WEB","url":"https://git.kernel.org/stable/c/616aa5f3c86e0479bcbb81e41c08c43ff32af637"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bbdb3307f609ec4dc9558770f464ede01fe52aed"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e08dc2dc3c3f7938df0e4476fe3e6fdec5583c1d"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56662.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56662"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ebe9f6f19d80d8978d16078dff3d5bd93ad8d102"},{"fixed":"616aa5f3c86e0479bcbb81e41c08c43ff32af637"},{"fixed":"bbdb3307f609ec4dc9558770f464ede01fe52aed"},{"fixed":"143f723e9eb4f0302ffb7adfdc7ef77eab3f68e0"},{"fixed":"e08dc2dc3c3f7938df0e4476fe3e6fdec5583c1d"},{"fixed":"212846fafb753a48e869e2a342fc1e24048da771"},{"fixed":"265e98f72bac6c41a4492d3e30a8e5fd22fe0779"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"63108f2a408abea7ecab063efa0f398da4d0d14b"},{"last_affected":"f5878c4f084dc6b1386dad03970bb61ad5e9dc4b"},{"last_affected":"0c79794474895dbbc3c52225f7e9f73cfecbb7dd"}]}],"versions":["v4.14.175","v4.14.174","v4.14.173","v4.14.172","v4.14.171","v4.14.170","v4.14.169","v4.14.168","v4.14.167","v4.14.166","v4.14.165","v4.14.164","v4.14.163","v4.14.162","v4.14.161","v4.14.160","v4.14.159","v4.14.158","v4.14.157","v4.14.156","v4.14.155","v4.14.154","v4.14.153","v4.14.152","v4.14.151","v4.14.150","v4.14.149","v4.14.148","v4.14.147","v4.14.146","v4.14.145","v4.14.144","v4.14.143","v4.14.142","v4.14.141","v4.14.140","v4.14.139","v4.14.138","v4.14.137","v4.14.136","v4.14.135","v4.14.134","v4.14.133","v4.14.132","v4.14.131","v4.14.130","v4.14.129","v4.14.128","v4.14.127","v4.14.126","v4.14.125","v4.14.124","v4.14.123","v4.14.122","v4.14.121","v4.14.120","v4.14.119","v5.0-rc8","v4.14.118","v4.14.117","v4.14.116","v4.14.115","v5.0","v4.14.114","v4.14.113","v4.14.112","v4.14.111","v5.0-rc1","v4.14.110","v4.14.109","v4.14.108","v5.0.3","v4.19.30","v4.14.107","v4.14.106","v4.19.29","v5.0.2","v4.14.105","v4.19.28","v5.0.1","v4.19.27","v4.19.26","v4.14.104","v5.0-rc4","v5.0-rc3","v5.0-rc6","v4.19.25","v4.14.103","v5.0-rc7","v4.19.24","v4.14.102","v5.0-rc2","v4.19.23","v4.14.101","v5.0-rc5","v4.19.22","v4.14.100","v4.19.21","v4.14.99","v4.19.20","v4.14.98","v4.14.97","v4.19.19","v4.19.18","v4.14.96","v4.14.95","v4.19.17","v4.20-rc1","v4.14.94","v4.19.16","v4.19","v4.14.93","v4.19.15","v4.20","v4.14.92","v4.19.14","v4.19.13","v4.14.91","v4.20-rc7","v4.20-rc5","v4.14.90","v4.19.12","v4.20-rc6","v4.19.11","v4.14.89","v4.19.10","v4.20-rc4","v4.20-rc2","v4.14.88","v4.19.9","v4.14.87","v4.19.8","v4.20-rc3","v4.14.86","v4.19.7","v4.14.85","v4.19.6","v4.14.84","v4.19.5","v4.19.4","v4.14.83","v4.14.82","v4.19.3","v4.14.81","v4.19.2","v4.14.80","v4.19.1","v4.14.79","v4.14.78","v4.19-rc2","v4.19-rc8","v4.19-rc4","v4.14.77","v4.19-rc1","v4.14.76","v4.19-rc7","v4.14.75","v4.14.74","v4.19-rc6","v4.19-rc5","v4.14.73","v4.19-rc3","v4.14.72","v4.14.71","v4.14.70","v4.14.69","v4.14.68","v4.14.67","v4.14.66","v4.18","v4.14.65","v4.14.64","v4.14.63","v4.18-rc1","v4.14.62","v4.18-rc8","v4.18-rc2","v4.18-rc5","v4.14.61","v4.18-rc6","v4.14.60","v4.18-rc7","v4.14.59","v4.17","v4.14.58","v4.18-rc3","v4.14.57","v4.14.56","v4.18-rc4","v4.14.55","v4.14.54","v4.14.53","v4.14.52","v4.14.51","v4.14.50","v4.14.49","v4.14.48","v4.17-rc1","v4.14.47","v4.17-rc2","v4.17-rc7","v4.17-rc3","v4.17-rc4","v4.16","v4.14.46","v4.14.45","v4.17-rc6","v4.14.44","v4.17-rc5","v4.14.43","v4.14.42","v4.14.41","v4.14.40","v4.14.39","v4.14.38","v4.14.37","v4.14.36","v4.14.35","v4.14.34","v4.14.33","v4.16-rc7","v4.16-rc4","v4.14.32","v4.16-rc1","v4.16-rc2","v4.16-rc5","v4.14.31","v4.14.30","v4.16-rc3","v4.16-rc6","v4.14.29","v4.14.28","v4.14.27","v4.14.26","v4.14.25","v4.14.24","v4.14","v4.14.23","v4.15","v4.14.22","v4.14.21","v4.14.20","v4.14.19","v4.14.18","v4.14.17","v4.15-rc1","v4.14.16","v4.15-rc4","v4.14.15","v4.15-rc9","v4.14.14","v4.15-rc8","v4.15-rc7","v4.14.13","v4.15-rc3","v4.15-rc2","v4.15-rc5","v4.15-rc6","v4.14.12","v4.14.11","v4.14.10","v4.14.9","v4.14.8","v4.14.7","v4.14.6","v4.14.5","v4.14.4","v4.14.3","v4.14.2","v4.14-rc1","v4.14.1","v4.14-rc7","v4.14-rc3","v4.13","v4.14-rc8","v4.14-rc4","v4.14-rc6","v4.14-rc2","v4.14-rc5","v4.13-rc2","v4.13-rc1","v4.13-rc3","v4.13-rc7","v4.13-rc4","v4.13-rc5","v4.13-rc6","v4.12-rc1","v4.12","v4.12-rc5","v4.12-rc7","v4.12-rc6","v4.12-rc4","v4.12-rc2","v4.12-rc3","v4.11","v4.11-rc1","v4.11-rc6","v4.11-rc8","v4.11-rc7","v4.11-rc3","v4.11-rc5","v4.11-rc2","v4.11-rc4","v4.10","v4.9","v4.10-rc8","v4.10-rc3","v4.10-rc1","v4.10-rc7","v4.10-rc6","v4.10-rc2","v4.10-rc5","v4.10-rc4","v4.9-rc7","v4.9-rc6","v4.9-rc8","v4.9-rc1","v4.9-rc5","v4.9-rc3","v4.9-rc4","v4.9-rc2","v4.8","v4.8-rc8","v4.8-rc2","v4.8-rc1","v4.8-rc7","v4.8-rc6","v4.8-rc5","v4.8-rc4","v4.8-rc3","v4.7","v4.7-rc4","v4.7-rc2","v4.7-rc1","v4.7-rc7","v4.7-rc6","v4.7-rc3","v4.7-rc5","v4.6","v4.6-rc1","v4.6-rc6","v4.6-rc4","v4.6-rc7","v4.6-rc5","v4.5-rc4","v4.6-rc2","v4.6-rc3","v4.5","v4.4","v4.5-rc1","v4.5-rc6","v4.5-rc2","v4.5-rc7","v4.5-rc5","v4.5-rc3","v4.4-rc1","v4.4-rc2","v4.4-rc8","v4.4-rc3","v4.4-rc7","v4.4-rc5","v4.4-rc6","v4.4-rc4","v4.3","v4.3-rc1","v4.3-rc6","v4.3-rc4","v4.3-rc2","v4.3-rc7","v4.3-rc5","v4.3-rc3","v4.2","v4.2-rc2","v4.2-rc1","v4.2-rc8","v4.2-rc4","v4.2-rc6","v4.2-rc7","v4.0-rc5","v4.2-rc5","v4.2-rc3","v4.1-rc2","v4.1","v4.1-rc1","v4.1-rc8","v4.1-rc7","v4.1-rc6","v4.1-rc3","v4.1-rc4","v4.0","v4.1-rc5","v4.0-rc1","v4.0-rc2","v4.0-rc7","v4.0-rc3","v4.0-rc6","v4.0-rc4","v3.19","v3.19-rc7","v3.19-rc5","v3.19-rc1","v3.19-rc6","v3.19-rc4","v3.18-rc1","v3.19-rc3","v3.19-rc2","v3.18","v3.18-rc7","v3.18-rc6","v3.18-rc2","v3.18-rc3","v3.18-rc4","v3.18-rc5","v3.17","v3.17-rc1","v3.17-rc7","v3.17-rc2","v3.17-rc4","v3.16","v3.17-rc5","v3.17-rc6","v3.17-rc3","v3.16-rc7","v3.16-rc1","v3.16-rc3","v3.16-rc5","v3.16-rc6","v3.16-rc2","v3.16-rc4","v3.13","v3.15","v3.15-rc5","v3.15-rc8","v3.15-rc1","v3.15-rc6","v3.15-rc3","v3.15-rc7","v3.15-rc2","v3.15-rc4","v3.14","v3.14-rc4","v3.14-rc8","v3.14-rc7","v3.14-rc6","v3.14-rc1","v3.14-rc2","v3.14-rc5","v3.14-rc3","v3.13-rc6","v3.13-rc8","v3.12","v3.13-rc7","v3.13-rc1","v3.13-rc4","v3.13-rc3","v3.13-rc5","v3.13-rc2","v3.12-rc7","v3.12-rc3","v3.12-rc6","v3.12-rc1","v3.12-rc5","v3.11","v3.12-rc2","v3.12-rc4","v3.11-rc7","v3.11-rc2","v3.11-rc5","v3.11-rc1","v3.11-rc3","v3.11-rc4","v3.11-rc6","v3.10-rc2","v3.10","v3.10-rc7","v3.10-rc6","v3.10-rc1","v3.10-rc5","v3.10-rc3","v3.10-rc4","v3.9","v3.9-rc2","v3.9-rc7","v3.9-rc8","v3.9-rc3","v3.9-rc6","v3.9-rc5","v3.9-rc4","v3.9-rc1","v3.8","v3.8-rc7","v3.8-rc6","v3.8-rc5","v3.8-rc2","v3.8-rc1","v3.8-rc3","v3.8-rc4","v3.7","v3.7-rc1","v3.6","v3.7-rc6","v3.7-rc7","v3.7-rc3","v3.7-rc8","v3.7-rc2","v3.7-rc4","v3.7-rc5","v3.6-rc7","v3.6-rc1","v3.5-rc3","v3.6-rc6","v3.6-rc5","v3.5","v3.6-rc3","v3.6-rc4","v3.6-rc2","v3.4-rc4","v3.5-rc7","v3.5-rc5","v3.5-rc6","v3.5-rc2","v3.5-rc1","v3.5-rc4","v3.4","v3.4-rc2","v3.4-rc1","v3.4-rc7","v3.4-rc6","v3.4-rc3","v3.4-rc5","v3.3","v3.3-rc6","v3.3-rc3","v3.3-rc7","v3.3-rc2","v3.3-rc5","v3.2","v3.3-rc4","v3.3-rc1","v3.2-rc4","v3.2-rc7","v3.2-rc6","v3.2-rc5","v3.2-rc3","v3.1","v3.2-rc2","v3.2-rc1","v3.1-rc1","v3.1-rc9","v3.1-rc8","v3.1-rc10","v3.1-rc7","v3.1-rc3","v3.1-rc2","v3.1-rc4","v3.1-rc5","v3.0","v3.1-rc6","v3.0-rc7","v3.0-rc4","v3.0-rc6","v3.0-rc5","v3.0-rc3","v3.0-rc1","v2.6.39","v3.0-rc2","v2.6.38","v2.6.39-rc2","v2.6.39-rc7","v2.6.39-rc5","v2.6.39-rc1","v2.6.38-rc7","v2.6.39-rc6","v2.6.39-rc4","v2.6.39-rc3","v2.6.37","v2.6.38-rc1","v2.6.38-rc8","v2.6.38-rc2","v2.6.38-rc6","v2.6.38-rc5","v2.6.38-rc4","v2.6.38-rc3","v2.6.37-rc4","v2.6.37-rc2","v2.6.36","v2.6.37-rc5","v2.6.37-rc8","v2.6.37-rc7","v2.6.37-rc6","v2.6.37-rc1","v2.6.37-rc3","v2.6.36-rc6","v2.6.35-rc4","v2.6.36-rc8","v2.6.35","v2.6.36-rc7","v2.6.36-rc3","v2.6.36-rc5","v2.6.36-rc4","v2.6.36-rc2","v2.6.36-rc1","v2.6.35-rc5","v2.6.35-rc6","v2.6.34","v2.6.35-rc3","v2.6.35-rc1","v2.6.35-rc2","v2.6.34-rc7","v2.6.34-rc6","v2.6.34-rc5","v2.6.34-rc4","v2.6.34-rc3","v2.6.34-rc2","v2.6.34-rc1","v2.6.33","v2.6.33-rc6","v2.6.33-rc8","v2.6.33-rc4","v2.6.33-rc5","v2.6.33-rc3","v2.6.33-rc7","v2.6.33-rc2","v2.6.32","v2.6.33-rc1","v2.6.32-rc8","v2.6.32-rc7","v2.6.32-rc6","v2.6.31","v2.6.32-rc5","v2.6.32-rc4","v2.6.32-rc2","v2.6.32-rc1","v2.6.32-rc3","v2.6.31-rc9","v2.6.31-rc1","v2.6.31-rc7","v2.6.31-rc8","v2.6.31-rc6","v2.6.30-rc6","v2.6.30","v2.6.31-rc4","v2.6.31-rc5","v2.6.31-rc3","v2.6.31-rc2","v2.6.30-rc7","v2.6.30-rc8","v2.6.30-rc5","v2.6.30-rc3","v2.6.30-rc4","v2.6.30-rc1","v2.6.30-rc2","v2.6.29","v2.6.29-rc8","v2.6.29-rc7","v2.6.29-rc5","v2.6.29-rc1","v2.6.29-rc6","v2.6.29-rc4","v2.6.29-rc3","v2.6.29-rc2","v2.6.28","v2.6.28-rc7","v2.6.28-rc9","v2.6.28-rc8","v2.6.28-rc6","v2.6.28-rc5","v2.6.28-rc4","v2.6.28-rc2","v2.6.28-rc3","v2.6.28-rc1","v2.6.27","v2.6.27-rc7","v2.6.27-rc9","v2.6.27-rc8","v2.6.27-rc5","v2.6.27-rc6","v2.6.27-rc4","v2.6.27-rc1","v2.6.27-rc3","v2.6.27-rc2","v2.6.26","v2.6.26-rc9","v2.6.26-rc8","v2.6.26-rc3","v2.6.26-rc7","v2.6.26-rc6","v2.6.26-rc5","v2.6.26-rc4","v2.6.26-rc2","v2.6.26-rc1","v2.6.25","v2.6.25-rc7","v2.6.25-rc9","v2.6.25-rc8","v2.6.25-rc6","v2.6.25-rc5","v2.6.25-rc3","v2.6.25-rc4","v2.6.24","v2.6.25-rc2","v2.6.25-rc1","v2.6.24-rc8","v2.6.24-rc7","v2.6.24-rc6","v2.6.24-rc5","v2.6.24-rc4","v2.6.24-rc3","v2.6.24-rc2","v2.6.24-rc1","v2.6.23","v2.6.23-rc9","v2.6.23-rc8","v2.6.23-rc5","v2.6.23-rc7","v2.6.23-rc6","v2.6.23-rc4","v2.6.23-rc3","v2.6.23-rc2","v2.6.23-rc1","v2.6.22","v2.6.22-rc7","v2.6.22-rc6","v2.6.22-rc5","v2.6.22-rc4","v2.6.22-rc3","v2.6.22-rc2","v2.6.22-rc1","v2.6.21","v2.6.21-rc7","v2.6.21-rc6","v2.6.21-rc5","v2.6.21-rc4","v2.6.21-rc3","v2.6.21-rc2","v2.6.21-rc1","v2.6.20-rc7","v2.6.20-rc6","v2.6.20-rc5","v2.6.20-rc4","v2.6.20-rc3","v2.6.20-rc1","v2.6.20-rc2","v2.6.19-rc2","v2.6.18","v2.6.19-rc1","v2.6.18-rc6","v2.6.18-rc5","v2.6.18-rc3","v2.6.18-rc2","v2.6.18-rc1","v2.6.17","v2.6.17-rc4","v2.6.17-rc6","v2.6.17-rc5","v2.6.17-rc3","v2.6.17-rc2","v2.6.17-rc1","v2.6.16","v2.6.16-rc6","v2.6.16-rc4","v2.6.16-rc5","v2.6.16-rc3","v2.6.16-rc2","v2.6.16-rc1","v2.6.15-rc7","v2.6.15-rc5","v2.6.15-rc4","v2.6.15-rc2","v2.6.15-rc1","v2.6.14-rc3","v2.6.14-rc2","v2.6.14-rc1","v2.6.13","v2.6.13-rc7","v2.6.13-rc6","v2.6.13-rc5","v2.6.13-rc3","v2.6.13-rc4","v2.6.13-rc2","v2.6.13-rc1","v2.6.12-rc4","v2.6.12-rc3","v2.6.12-rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56662.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.1.0"},{"fixed":"5.10.232"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.175"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.121"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.67"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.6"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56662.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"}]}