CVE-2024-26717

Summary

In the Linux kernel, the following vulnerability has been resolved:

HID: i2c-hid-of: fix NULL-deref on failed power up

A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF driver never initialises the client pointer which is dereferenced on power-up failures.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb33752c300232d7f95dd9a4353947d0c9e6a0e52 < 62f5d219edbd174829aa18d4b3d97cd5fefbb783affected
LinuxLinuxb33752c300232d7f95dd9a4353947d0c9e6a0e52 < d7d7a0e3b6f5adc45f23667cbb919e99093a5b5caffected
LinuxLinuxb33752c300232d7f95dd9a4353947d0c9e6a0e52 < 4cad91344a62536a2949873bad6365fbb6232776affected
LinuxLinuxb33752c300232d7f95dd9a4353947d0c9e6a0e52 < e28d6b63aeecbda450935fb58db0e682ea8212d3affected
LinuxLinuxb33752c300232d7f95dd9a4353947d0c9e6a0e52 < 00aab7dcb2267f2aef59447602f34501efe1a07faffected
LinuxLinux5.12affected
LinuxLinux0 < 5.12unaffected
LinuxLinux5.15.149 <= 5.15.*unaffected
LinuxLinux6.1.79 <= 6.1.*unaffected
LinuxLinux6.6.18 <= 6.6.*unaffected
LinuxLinux6.7.6 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References