CVE-2024-26978

serial: max310x: fix NULL pointer dereference in I2C instantiation

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: serial: max310x: fix NULL pointer dereference in I2C instantiation When trying to instantiate a max14830 device from userspace: echo max14830 0x60 > /sys/bus/i2c/devices/i2c-2/new_device we get the following error: Unable to handle kernel NULL pointer dereference at virtual address... ... Call trace: max310x_i2c_probe+0x48/0x170 [max310x] i2c_device_probe+0x150/0x2a0 ... Add check for validity of devtype to prevent the error, and abort probe
with a meaningful error message.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: serial: max310x: corrige la desreferencia del puntero NULL en la creación de instancias I2C Al intentar crear una instancia de un dispositivo max14830 desde el espacio de usuario: echo max14830 0x60 > /sys/bus/i2c/devices/i2c-2/ new_device obtenemos el siguiente error: No se puede manejar la desreferencia del puntero NULL del kernel en la dirección virtual... ... Rastreo de llamadas: max310x_i2c_probe+0x48/0x170 [max310x] i2c_device_probe+0x150/0x2a0... Agregar verificación de validez del tipo de desarrollo para evitar el error y cancelar la sonda con un mensaje de error significativo.

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-05-01 CVE Published
2024-12-19 CVE Updated
2025-04-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/f5c252aaa1be5d38604e58e9bd335065f767d0d8	Vuln. Introduced
https://git.kernel.org/stable/c/85d79478710ad2cbf11857aec107084a7104943e	Vuln. Introduced
https://git.kernel.org/stable/c/2e1f2d9a9bdbe12ee475c82a45ac46a278e8049a	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7d271b798add90c6196539167c019d0817285cf0	2024-04-13
https://git.kernel.org/stable/c/c45e53c27b78afd6c81fc25608003576f27b5735	2024-04-13
https://git.kernel.org/stable/c/12609c76b755dbeb1645c0aacc0f0f4743b2eff3	2024-04-03
https://git.kernel.org/stable/c/2160ad6861c4a21d3fa553d7b2aaec6634a37f8a	2024-04-03
https://git.kernel.org/stable/c/5cd8af02b466e1beeae13e2de3dc58fcc7925e5a	2024-04-03
https://git.kernel.org/stable/c/aeca49661fd02fd56fb026768b580ce301b45733	2024-04-03
https://git.kernel.org/stable/c/0d27056c24efd3d63a03f3edfbcfc4827086b110	2024-01-28

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.272 < 5.4.274 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.272 < 5.4.274"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.213 < 5.10.215 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.213 < 5.10.215"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.1.84 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.84"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.6.24 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.24"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.7.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.7.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.8.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.8.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.9"		en		Affected