Early Access — Mondoo Vulnerability Intelligence is currently in preview.
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: Fix potential NULL pointer dereference in gpiod_get_label()
In gpiod_get_label(), it is possible that srcu_dereference_check() may
return a NULL pointer, leading to a scenario where label->str is accessed
without verifying if label itself is NULL.
This patch adds a proper NULL check for label before accessing
label->str. The check for label->str != NULL is removed because
label->str can never be NULL if label is not NULL.
This fixes the issue where the label name was being printed as (efault)
when dumping the sysfs GPIO file when label == NULL.
Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:NI:NA:H5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H