CVE-2024-38637

MEDIUM

Linux Kernel - NULL Pointer Dereference in Greybus Lights

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: greybus: lights: check return of get_channel_from_mode If channel for the given node is not found we return null from get_channel_from_mode. Make sure we validate the return pointer before using it in two of the missing places. This was originally reported in [0]: Found by Linux Verification Center (linuxtesting.org) with SVACE. [0] https://lore.kernel.org/all/[email protected]

References (9)

Core 9

Scores

CVSS v3 5.5
EPSS 0.0023
EPSS Percentile 13.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (26)
linux/Kernel 4.20.0 - 5.4.278linux
linux/Kernel 4.9.0 - 4.19.316linux
linux/Kernel 5.11.0 - 5.15.161linux
linux/Kernel 5.16.0 - 6.1.93linux
linux/Kernel 5.5.0 - 5.10.219linux
linux/Kernel 6.2.0 - 6.6.33linux
linux/Kernel 6.7.0 - 6.9.4linux
Linux/Linux < 4.9
Linux/Linux 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 - 330f6bcdcef03f70f81db5f2ed6747af656a09f2
Linux/Linux 2870b52bae4c81823ffcb3ed2b0626fb39d64f48 - 518e2c46b5dbce40b1aa0100001d03c3ceaa7d38
... and 16 more
Published Jun 21, 2024
Tracked Since Feb 18, 2026