AZL-51231

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51231.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-51231

Upstream

CVE-2024-49871

Published

2024-10-21T18:15:08Z

Modified

2026-04-01T05:17:42.364287Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-49871 affecting package kernel for versions less than 5.15.173.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

Input: adp5589-keys - fix NULL pointer dereference

We register a devm action to call adp5589clearconfig() and then pass the i2c client as argument so that we can call i2cgetclientdata() in order to get our device object. However, i2csetclientdata() is only being set at the end of the probe function which means that we'll get a NULL pointer dereference in case the probe function fails early.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-49871

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.173.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51231.json"