CVE-2024-58011

Advisory lineage Upstream: 0 Downstream: 36
Modified
Published: 27 Feb 2025, 02:12
Last modified:11 May 2026, 21:02

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
v3.1 (cve.org)
EPSS Score
0.01% LOW
0% probability -0.03%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

27 Feb 2025, 02:12
Published
Vulnerability first disclosed
11 May 2026, 21:02
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Check for adev == NULL Not all devices have an ACPI companion fwnode, so adev might be NULL. This can e.g. (theoretically) happen when a user manually binds one of the int3472 drivers to another i2c/platform device through sysfs. Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().

CVSS Metrics

  • v3.1MEDIUMScore: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01% Percentile: 3%

Techniques & Countermeasures

  • CWE-476NULL Pointer Dereference

    The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

  • linuxlinux

    ≥ 5de691bffe57fd0fc2b4dcdcf13815c56d11db10, < 46263a0b687a044e645387a9c7692ccd693f09f1 | ≥ 5de691bffe57fd0fc2b4dcdcf13815c56d11db10, < 4f8b210823cc2d1f9d967f089a6c00d025bb237f | ≥ 5de691bffe57fd0fc2b4dcdcf13815c56d11db10, < f9c7cc44758f4930b41285a6d54afa8cbd9762b4 | ≥ 5de691bffe57fd0fc2b4dcdcf13815c56d11db10, < 0a30353beca2693d30bde477024d755ffecea514 | ≥ 5de691bffe57fd0fc2b4dcdcf13815c56d11db10, < a808ecf878ad646ebc9c83d9fc4ce72fd9c49d3d | ≥ 5de691bffe57fd0fc2b4dcdcf13815c56d11db10, < cd2fd6eab480dfc247b737cf7a3d6b009c4d0f1c | 5.14

  • linuxlinux_kernel

    < 6.1.129 | ≥ 6.2, < 6.6.78 | ≥ 6.7, < 6.12.14 | ≥ 6.13, < 6.13.3

References (7)