LiveActive security incident?Get immediate response
CVE Record

CVE-2024-58051: ipmi: ipmb: Add check devm_kasprintf() returned value

In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: Add check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel reliability flaw in the IPMI IPMB driver. A failed memory allocation was not checked, which could lead to unsafe behavior. The source bundle does not provide CVSS, CWE, impact detail, or evidence of active exploitation.

Executive priority

Treat as a routine-to-moderate kernel maintenance item unless your environment heavily depends on IPMI/IPMB hardware management. There is insufficient evidence for emergency response, but kernel flaws can accumulate operational risk if left unpatched.

Technical view

The kernel IPMI IPMB code called devm_kasprintf() without validating a possible NULL return. Stable kernel commits add the missing return-value check. The provided affected data names Linux kernel versions/branches but does not include CPEs or a scored impact assessment.

Likely exposure

Exposure is most plausible on Linux systems running affected kernel builds where the IPMI IPMB driver is present or enabled, especially server or hardware-management contexts. The bundle does not prove network reachability or default exploitability.

Exploitation context

No KEV listing is present, and the bundle provides no cited report of active exploitation. The available evidence describes a code defect and stable-kernel fixes, not public exploitation or weaponized procedures.

Researcher notes

The record is sparse: no CVSS, CWE, detailed impact, or exploit preconditions are supplied. Analysis should focus on the referenced stable commits, vendor backports, and whether local kernel configuration exposes the IPMI IPMB path.

Mitigation direction

  • Check your Linux vendor advisory for fixed kernel packages.
  • Prioritize systems using IPMI or baseboard-management integrations.
  • Plan kernel updates to branches containing the referenced stable fixes.
  • For Debian LTS systems, review the linked Debian security announcements.
  • If patching is delayed, review whether the IPMB driver is needed.

Validation and detection

  • Inventory Linux kernel versions across server and appliance fleets.
  • Identify hosts with IPMI IPMB driver support enabled or loaded.
  • Compare running kernels with vendor fixed-package guidance.
  • Confirm change tickets include reboot or live-patching requirements.
  • Monitor vendor advisories for CVSS, impact, or configuration updates.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-58051 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
12Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux51bd6f291583684f495ea498984dfc22049d7fd2, 51bd6f291583684f495ea498984dfc22049d7fd2, 51bd6f291583684f495ea498984dfc22049d7fd2, 51bd6f291583684f495ea498984dfc22049d7fd2, 51bd6f291583684f495ea498984dfc22049d7fd2, 51bd6f291583684f495ea498984dfc22049d7fd2, 51bd6f291583684f495ea498984dfc22049d7fd2, 51bd6f291583684f495ea498984dfc22049d7fd2unaffected
LinuxLinux5.3, 0, 5.4.291, 5.10.235, 5.15.179, 6.1.129, 6.6.76, 6.12.13, 6.13.2, 6.14affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.