CVE-2024-53204

MEDIUM

Linux Kernel 6.6-6.11.11 NULL Pointer Dereference in rtk_usb3phy_probe

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe In rtk_usb3phy_probe() devm_kzalloc() may return NULL but this returned value is not checked.

References (5)

Core 5

Core References

Patch

https://git.kernel.org/stable/c/e27877990e54bfe4246dd850f7ec8646c999ce58

Patch

https://git.kernel.org/stable/c/258ea41c926b7b3a16d0d7aa210a1401c4a1601b

Patch

https://git.kernel.org/stable/c/48d52d3168749e10c1c37cd4ceccd18625851741

Patch

https://git.kernel.org/stable/c/776f13ad1f88485206f1dca5ef138553106950e5

Patch

https://git.kernel.org/stable/c/bf373d2919d98f3d1fe1b19a0304f72fe74386d9

Scores

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 11.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (18)

linux/Kernel 6.12.0 - 6.12.2linux

linux/Kernel 6.6.0 - 6.6.4linux

linux/Kernel 6.7.0 - 6.7linux

linux/Kernel 6.9.0 - 6.11.11linux

Linux/Linux < 6.6

Linux/Linux 6.11.11 - 6.11.*

Linux/Linux 6.12.2 - 6.12.*

Linux/Linux 6.13

Linux/Linux 6.6

Linux/Linux 6.6.4 - 6.6.*

... and 8 more

Published Dec 27, 2024

Tracked Since Feb 18, 2026