CVE-2024-49941 Information

Nov 01, 2024 cve

Description

In the Linux kernel the following vulnerability has been resolved:

gpiolib: Fix potential NULL pointer dereference in gpiod_get_label()

In gpiod_get_label() it is possible that srcu_dereference_check() may return a NULL pointer leading to a scenario where label->str is accessed without verifying if label itself is NULL.

This patch adds a proper NULL check for label before accessing label->str. The check for label->str != NULL is removed because label->str can never be NULL if label is not NULL.

This fixes the issue where the label name was being printed as (efault) when dumping the sysfs GPIO file when label == NULL.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://git.kernel.org/stable/c/9ee4b907d7a5d7a53b4ff7727c371ff3d44ccbbb https://git.kernel.org/stable/c/7b99b5ab885993bff010ebcd93be5e511c56e28a

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5

Share on: