CVE-2024-58005

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 27, 2025
Updated: Mar 13, 2025

Summary

CVE-2024-58005 is a vulnerability affecting the Linux kernel that was identified in an HPE ProLiant D320 server. The issue stems from the TPM driver in acpi.c, where a buffer of 16 MiB was allocated using kvalloc() for event logging. The problem lies in the fact that RSI, which points to the 'order' parameter of __alloc_pages_noprof(), was incorrectly used instead of devm_kmalloc(). This misconfiguration led to a warning, potentially allowing unintended memory access. To rectify the issue, the recommended solution is to replace devm_kmalloc() with kvmalloc() and devm_add_action() for proper memory management.
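
The replacement pattern named in the summary (kvmalloc() plus a devm_add_action() cleanup), shown as an added example that is neither the kernel patch nor code from this page. It is a userspace model: kvmalloc(), kvfree(), devm_add_action(), struct device and device_release() are simplified stand-ins, and alloc_event_log(), log_free() and freed_count are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace stand-ins (assumptions), not the kernel implementations. */
#define GFP_KERNEL 0u
struct device { void (*action)(void *); void *data; }; /* one-slot devres list */
static int freed_count;                                /* makes cleanup observable */

static void *kvmalloc(size_t size, unsigned int flags) { (void)flags; return malloc(size); }
static void kvfree(void *p) { free(p); freed_count++; }

/* Register a callback that runs when the device is torn down. */
static int devm_add_action(struct device *dev, void (*action)(void *), void *data)
{
    if (dev->action)
        return -12; /* models -ENOMEM: registration failed */
    dev->action = action;
    dev->data = data;
    return 0;
}

/* Models driver unbind: run the registered action once. */
static void device_release(struct device *dev)
{
    if (dev->action)
        dev->action(dev->data);
    dev->action = NULL;
}

static void log_free(void *data) { kvfree(data); }

/* Allocate a large log buffer and tie its lifetime to the device. */
static void *alloc_event_log(struct device *dev, size_t len)
{
    void *log = kvmalloc(len, GFP_KERNEL);
    if (!log)
        return NULL;
    if (devm_add_action(dev, log_free, log)) {
        kvfree(log); /* nothing was registered, so free it here */
        return NULL;
    }
    return log;
}

int main(void)
{
    struct device dev = {0};
    void *log = alloc_event_log(&dev, 16u << 20); /* 16 MiB, the size in the summary */
    device_release(&dev);
    printf("allocated=%d freed=%d\n", log != NULL, freed_count);
    return 0;
}
```

The error branch matters because a buffer allocated outside the devm_* allocators has no owner until the action is registered; if registration fails, the caller must free it.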
