CVE-2024-58020

HID: multitouch: Add NULL check in mt_input_configured

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mt_input_configured devm_kasprintf() can return a NULL pointer on failure,but this
returned value in mt_input_configured() is not checked.
Add NULL check in mt_input_configured(), to handle kernel NULL
pointer dereference error.

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mt_input_configured devm_kasprintf() can return a NULL pointer on failure,but this returned value in mt_input_configured() is not checked. Add NULL check in mt_input_configured(), to handle kernel NULL pointer dereference error.

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Attila Sz�sz discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-27 CVE Reserved
2025-02-27 CVE Published
2025-05-04 CVE Updated
2025-06-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (17)

URL	Tag	Source
https://git.kernel.org/stable/c/df7ca43fe090e1a56c216c8ebc106ef5fd49afc6	Vuln. Introduced
https://git.kernel.org/stable/c/15ec7cb55e7d88755aa01d44a7a1015a42bfce86	Vuln. Introduced
https://git.kernel.org/stable/c/dde88ab4e45beb60b217026207aa9c14c88d71ab	Vuln. Introduced
https://git.kernel.org/stable/c/2763732ec1e68910719c75b6b896e11b6d3d622b	Vuln. Introduced
https://git.kernel.org/stable/c/4794394635293a3e74591351fff469cea7ad15a2	Vuln. Introduced
https://git.kernel.org/stable/c/ac0d389402a6ff9ad92cea02c2d8c711483b91ab	Vuln. Introduced
https://git.kernel.org/stable/c/39c70c19456e50dcb3abfe53539220dff0490f1d	Vuln. Introduced
https://git.kernel.org/stable/c/1d7833db9fd118415dace2ca157bfa603dec9c8c	Vuln. Introduced
https://git.kernel.org/stable/c/b70ac7849248ec8128fa12f86e3655ba38838f29	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/a04d96ef67a42165f93194eef22a270acba4b74c	2025-03-13
https://git.kernel.org/stable/c/a6bfd3856e9f3da083f177753c623d58ba935e0a	2025-03-13
https://git.kernel.org/stable/c/2052b44cd0a62b6fdbe3371e5ba6029c56c400ca	2025-03-13
https://git.kernel.org/stable/c/4e7113f591163d99adc7cbcd7295030c8c5d3fc7	2025-02-21
https://git.kernel.org/stable/c/62f8bf06262b6fc55c58f4c5256140f1382f3b01	2025-02-21
https://git.kernel.org/stable/c/aa879ef6d3acf96fa2c7122d0632061d4ea58d48	2025-02-21
https://git.kernel.org/stable/c/97c09cc2e72769edb6994b531edcfa313b96bade	2025-02-21
https://git.kernel.org/stable/c/9b8e2220d3a052a690b1d1b23019673e612494c5	2025-02-03

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.257 < 5.4.291 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.257 < 5.4.291"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.195 < 5.10.235 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.195 < 5.10.235"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.132 < 5.15.179 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.132 < 5.15.179"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.53 < 6.1.129 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.53 < 6.1.129"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.6.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.6.79"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.12.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.12.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.13.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.13.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.326 Search vendor "Linux" for product "Linux Kernel" and version "4.14.326"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.19.295 Search vendor "Linux" for product "Linux Kernel" and version "4.19.295"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.4.16 Search vendor "Linux" for product "Linux Kernel" and version "6.4.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.5.3 Search vendor "Linux" for product "Linux Kernel" and version "6.5.3"		en		Affected