CVE-2024-46719

Medium · CVSS 3.1: 5.5 · EPSS 14.8%
Published Sep 18, 2024 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: ucsi: Fix null pointer dereference in trace

ucsi_register_altmode checks IS_ERR for the alt pointer and treats NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled, ucsi_register_displayport returns NULL which causes a NULL pointer dereference in trace. Rather than return NULL, call typec_port_register_altmode to register DisplayPort alternate mode as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.
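The IS_ERR-versus-NULL gap described above, modeled in user space as an added example (this is not kernel code and not taken from the patch). The `struct altmode` type, the `register_dp_*` stubs and `register_altmode` are hypothetical stand-ins, and the return value 1 is a model-only signal that replaces the crash.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space stand-ins for the kernel's ERR_PTR helpers. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct altmode { unsigned svid; int controllable; };   /* hypothetical model type */
static struct altmode generic_dp = { 0xff01, 0 };      /* constructed sample data */

/* "Before": the stub used when the DP altmode driver is compiled out returns NULL. */
static struct altmode *register_dp_before(void) { return NULL; }
/* "After": the stub registers a plain, non-controllable altmode instead. */
static struct altmode *register_dp_after(void) { return &generic_dp; }
/* A genuine failure, reported the way IS_ERR() expects. */
static struct altmode *register_dp_error(void) { return ERR_PTR(-ENOMEM); }

/* Caller pattern from the description: only IS_ERR() is checked, then the
 * pointer reaches a trace step that reads its fields.
 * Returns 0 on success, a negative errno on error, and 1 where the trace
 * step would have dereferenced NULL. */
static int register_altmode(struct altmode *(*reg)(void), unsigned *traced_svid)
{
    struct altmode *alt = reg();

    if (IS_ERR(alt))              /* NULL is not an error pointer: passes */
        return (int)(intptr_t)alt;
    if (alt == NULL)              /* model-only guard; the affected code had none */
        return 1;
    *traced_svid = alt->svid;     /* stands in for the tracepoint reading alt */
    return 0;
}

int main(void)
{
    unsigned svid = 0;

    printf("IS_ERR(NULL)   = %d\n", IS_ERR(NULL));
    printf("before (NULL)  = %d\n", register_altmode(register_dp_before, &svid));
    printf("after  (valid) = %d\n", register_altmode(register_dp_after, &svid));
    printf("error  (ENOMEM)= %d\n", register_altmode(register_dp_error, &svid));
    return 0;
}
```
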

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 6

Vendor  Product       Version  Range
linux   linux_kernel  *        <5.4.284
linux   linux_kernel  *        ≥5.5 – <5.10.226
linux   linux_kernel  *        ≥5.11 – <5.15.167
linux   linux_kernel  *        ≥5.16 – <6.1.109
linux   linux_kernel  *        ≥6.2 – <6.6.50
linux   linux_kernel  *        ≥6.7 – <6.10.9

References 9

  • git.kernel.org https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae
    Patch