CVE-2024-49941

Summary

In the Linux kernel, the following vulnerability has been resolved:

gpiolib: Fix potential NULL pointer dereference in gpiod_get_label()

In gpiod_get_label(), it is possible that srcu_dereference_check() may return a NULL pointer, leading to a scenario where label->str is accessed without verifying if label itself is NULL.

This patch adds a proper NULL check for label before accessing label->str. The check for label->str != NULL is removed because label->str can never be NULL if label is not NULL.

This fixes the issue where the label name was being printed as (efault) when dumping the sysfs GPIO file when label == NULL.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa86d27693066a34a29be86f394bbad847b2d1749 < 9ee4b907d7a5d7a53b4ff7727c371ff3d44ccbbbaffected
LinuxLinuxa86d27693066a34a29be86f394bbad847b2d1749 < 7b99b5ab885993bff010ebcd93be5e511c56e28aaffected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.11.3 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References