Vulnerabilities > CVE-2024-46719 - NULL Pointer Dereference vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix null pointer dereference in trace ucsi_register_altmode checks IS_ERR for the alt pointer and treats NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled, ucsi_register_displayport returns NULL which causes a NULL pointer dereference in trace. Rather than return NULL, call typec_port_register_altmode to register DisplayPort alternate mode as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b
- https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870
- https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9
- https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae
- https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7
- https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830
- https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5