CVE-2024-44936

In the Linux kernel, the following vulnerability has been resolved: power: supply: rt5033: Bring back i2c_set_clientdata Commit 3a93da231c12 ("power: supply: rt5033: Use devm_power_supply_register() helper") reworked the driver to use devm. While at it, the i2c_set_clientdata was dropped along with the remove callback. Unfortunately other parts of the driver also rely on i2c clientdata so this causes kernel oops. Bring the call back to fix the driver.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3c5d0871b0af0184abc6f7f52f8705b39a6251ae	Patch
https://git.kernel.org/stable/c/d3911f1639e67fc7b12aae0efa5a540976d7443b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::

History

No history.

Information

Published : 2024-08-26 11:15

Updated : 2024-09-05 17:53

NVD link : CVE-2024-44936

Mitre link : CVE-2024-44936

CVE.ORG link : CVE-2024-44936

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-44936", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-26T11:15:05.700", "references": [{"url": "https://git.kernel.org/stable/c/3c5d0871b0af0184abc6f7f52f8705b39a6251ae", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d3911f1639e67fc7b12aae0efa5a540976d7443b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: rt5033: Bring back i2c_set_clientdata\n\nCommit 3a93da231c12 (\"power: supply: rt5033: Use devm_power_supply_register() helper\")\nreworked the driver to use devm. While at it, the i2c_set_clientdata\nwas dropped along with the remove callback. Unfortunately other parts\nof the driver also rely on i2c clientdata so this causes kernel oops.\n\nBring the call back to fix the driver."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: power: Supply: rt5033: traer de vuelta i2c_set_clientdata Commit 3a93da231c12 (\"power: Supply: rt5033: Use devm_power_supply_register() helper\") reelabor\u00f3 el controlador para usar devm. Mientras lo hac\u00eda, i2c_set_clientdata se elimin\u00f3 junto con la devoluci\u00f3n de llamada de eliminaci\u00f3n. Desafortunadamente, otras partes del controlador tambi\u00e9n dependen de los datos del cliente i2c, por lo que esto provoca fallos en el kernel. Devuelva la llamada para reparar el controlador."}], "lastModified": "2024-09-05T17:53:43.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F07BD0FF-07AF-4DAD-8EB1-09FB50ABDC47", "versionEndExcluding": "6.10.5", "versionStartIncluding": "6.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}