CVE-2024-46768

MEDIUM

Linux Kernel 6.5-6.6.50 - NULL Pointer Dereference in hp-wmi-sensors WMI Event Handler

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (hp-wmi-sensors) Check if WMI event data exists The BIOS can choose to return no event data in response to a WMI event, so the ACPI object passed to the WMI notify handler can be NULL. Check for such a situation and ignore the event in such a case.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/217539e994e53206bbf3fb330261cc78c480d311

Patch

https://git.kernel.org/stable/c/4b19c83ba108aa66226da5b79810e4d19e005f12

Patch

https://git.kernel.org/stable/c/a54da9df75cd1b4b5028f6c60f9a211532680585

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 14.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (12)

linux/Kernel 6.5.0 - 6.6.51linux

linux/Kernel 6.7.0 - 6.10.10linux

Linux/Linux < 6.5

Linux/Linux 23902f98f8d4811ab84dde6419569a5b374f8122 - 217539e994e53206bbf3fb330261cc78c480d311

Linux/Linux 23902f98f8d4811ab84dde6419569a5b374f8122 - 4b19c83ba108aa66226da5b79810e4d19e005f12

Linux/Linux 23902f98f8d4811ab84dde6419569a5b374f8122 - a54da9df75cd1b4b5028f6c60f9a211532680585

Linux/Linux 6.10.10 - 6.10.*

Linux/Linux 6.11

Linux/Linux 6.5

Linux/Linux 6.6.51 - 6.6.*

... and 2 more

Published Sep 18, 2024

Tracked Since Feb 18, 2026