Description
In the Linux kernel, the following vulnerability has been resolved: Input: adp5589-keys - fix NULL pointer dereference We register a devm action to call adp5589_clear_config() and then pass the i2c client as argument so that we can call i2c_get_clientdata() in order to get our device object. However, i2c_set_clientdata() is only being set at the end of the probe function which means that we'll get a NULL pointer dereference in case the probe function fails early.
References (7)
Core 7
Core References
Scores
CVSS v3
5.5
EPSS
0.0024
EPSS Percentile
14.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (21)
linux/Kernel
5.11.0 - 5.15.168linux
linux/Kernel
5.16.0 - 6.1.113linux
linux/Kernel
6.11.0 - 6.11.3linux
linux/Kernel
6.2.0 - 6.6.55linux
linux/Kernel
6.7.0 - 6.10.14linux
Linux/Linux
< 5.11
Linux/Linux
30df385e35a48f773b85117fc490152c2395e45b - 122b160561f6429701a0559a0f39b0ae309488c6
Linux/Linux
30df385e35a48f773b85117fc490152c2395e45b - 34e304cc53ae5d3c8e3f08b41dd11e0d4f3e01ed
Linux/Linux
30df385e35a48f773b85117fc490152c2395e45b - 4449fedb8a710043fc0925409eba844c192d4337
Linux/Linux
30df385e35a48f773b85117fc490152c2395e45b - 7c3f04223aaf82489472d614c6decee5a1ce8d7f
... and 11 more
Published
Oct 21, 2024
Tracked Since
Feb 18, 2026