CVE-2024-49871
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-49871
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49871.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-49871
- Downstream
- Related
- Published
- 2024-10-21T18:15:08Z
- Modified
- 2025-08-09T20:01:26Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Input: adp5589-keys - fix NULL pointer dereference
We register a devm action to call adp5589clearconfig() and then pass the i2c client as argument so that we can call i2cgetclientdata() in order to get our device object. However, i2csetclientdata() is only being set at the end of the probe function which means that we'll get a NULL pointer dereference in case the probe function fails early.
- References
-
- https://git.kernel.org/stable/c/122b160561f6429701a0559a0f39b0ae309488c6
- https://git.kernel.org/stable/c/34e304cc53ae5d3c8e3f08b41dd11e0d4f3e01ed
- https://git.kernel.org/stable/c/4449fedb8a710043fc0925409eba844c192d4337
- https://git.kernel.org/stable/c/7c3f04223aaf82489472d614c6decee5a1ce8d7f
- https://git.kernel.org/stable/c/9a38791ee79bd17d225c15a6d1479448be127a59
- https://git.kernel.org/stable/c/fb5cc65f973661241e4a2b7390b429aa7b330c69