CVE-2024-58011NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference52 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV7.1OSV5.9
EPSS
0.0%
top 97.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
LinuxLinux KernelDebian Linux+6 more
Timeline
PublishedFeb 27
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Check for adev == NULL Not all devices have an ACPI companion fwnode, so adev might be NULL. This can e.g. (theoretically) happen when a user manually binds one of the int3472 drivers to another i2c/platform device through sysfs. Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

NVDlinux/linux_kernel6.26.6.78+3
Debianlinux/linux_kernel< 6.1.129-1+2
Ubuntulinux/linux_kernel< 5.15.0-170.180+1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

25
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-intel-iotg-5.15, linux-xilinx-zynqmp vulnerabilities2026-02-19
OSV
linux-intel-iotg vulnerabilities2026-02-19
OSV
linux-nvidia vulnerabilities2026-02-17
OSV
linux-nvidia-tegra-igx vulnerabilities2026-02-17

📋Vendor Advisories

26
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2026-02-19
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-02-17