CVE-2024-49941
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: Fix potential NULL pointer dereference in gpiod_get_label()
In gpiod_get_label(), it is possible that srcu_dereference_check() may
return a NULL pointer, leading to a scenario where label->str is accessed
without verifying if label itself is NULL.
This patch adds a proper NULL check for label before accessing
label->str. The check for label->str != NULL is removed because
label->str can never be NULL if label is not NULL.
This fixes the issue where the label name was being printed as (efault)
when dumping the sysfs GPIO file when label == NULL.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a86d27693066a34a29be86f394bbad847b2d1749 < 9ee4b907d7a5d7a53b4ff7727c371ff3d44ccbbb | affected |
| Linux | Linux | a86d27693066a34a29be86f394bbad847b2d1749 < 7b99b5ab885993bff010ebcd93be5e511c56e28a | affected |
| Linux | Linux | 6.9 | affected |
| Linux | Linux | 0 < 6.9 | unaffected |
| Linux | Linux | 6.11.3 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/9ee4b907d7a5d7a53b4ff7727c371ff3d44ccbbb
- https://git.kernel.org/stable/c/7b99b5ab885993bff010ebcd93be5e511c56e28a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.