Vulnerabilities > CVE-2024-35984 - NULL Pointer Dereference vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by always checking the pointer in __i2c_transfer. [wsa: dropped the simplification in core-smbus to avoid theoretical regressions]
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83
- https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83
- https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d
- https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d
- https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde
- https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde
- https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620
- https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620
- https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec
- https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec
- https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f
- https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f
- https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23
- https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23
- https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85
- https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html