CVE-2024-49871

Summary

In the Linux kernel, the following vulnerability has been resolved:

Input: adp5589-keys - fix NULL pointer dereference

We register a devm action to call adp5589_clear_config() and then pass the i2c client as argument so that we can call i2c_get_clientdata() in order to get our device object. However, i2c_set_clientdata() is only being set at the end of the probe function which means that we'll get a NULL pointer dereference in case the probe function fails early.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux30df385e35a48f773b85117fc490152c2395e45b < 4449fedb8a710043fc0925409eba844c192d4337affected
LinuxLinux30df385e35a48f773b85117fc490152c2395e45b < 34e304cc53ae5d3c8e3f08b41dd11e0d4f3e01edaffected
LinuxLinux30df385e35a48f773b85117fc490152c2395e45b < 7c3f04223aaf82489472d614c6decee5a1ce8d7faffected
LinuxLinux30df385e35a48f773b85117fc490152c2395e45b < 9a38791ee79bd17d225c15a6d1479448be127a59affected
LinuxLinux30df385e35a48f773b85117fc490152c2395e45b < 122b160561f6429701a0559a0f39b0ae309488c6affected
LinuxLinux30df385e35a48f773b85117fc490152c2395e45b < fb5cc65f973661241e4a2b7390b429aa7b330c69affected
LinuxLinux5.11affected
LinuxLinux0 < 5.11unaffected
LinuxLinux5.15.168 <= 5.15.*unaffected
LinuxLinux6.1.113 <= 6.1.*unaffected
LinuxLinux6.6.55 <= 6.6.*unaffected
LinuxLinux6.10.14 <= 6.10.*unaffected
LinuxLinux6.11.3 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References