CVE-2024-26717

HID: i2c-hid-of: fix NULL-deref on failed power up

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

HID: i2c-hid-of: fix NULL-deref on failed power up

A while back the I2C HID implementation was split in an ACPI and OF
part, but the new OF driver never initialises the client pointer which
is dereferenced on power-up failures.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: HID: i2c-hid-of: corrige NULL-deref en caso de encendido fallido Hace un tiempo, la implementación de I2C HID se dividió en una parte ACPI y OF, pero el nuevo controlador OF nunca Inicializa el puntero del cliente al que se le quita la referencia en caso de fallos de encendido.

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.4

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-03 CVE Published
2024-04-04 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/b33752c300232d7f95dd9a4353947d0c9e6a0e52	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/62f5d219edbd174829aa18d4b3d97cd5fefbb783	2024-02-23
https://git.kernel.org/stable/c/d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c	2024-02-23
https://git.kernel.org/stable/c/4cad91344a62536a2949873bad6365fbb6232776	2024-02-23
https://git.kernel.org/stable/c/e28d6b63aeecbda450935fb58db0e682ea8212d3	2024-02-23
https://git.kernel.org/stable/c/00aab7dcb2267f2aef59447602f34501efe1a07f	2024-01-26

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26717	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2273148	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.1.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.1.79"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.6.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.7.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.8"		en		Affected