CVE-2024-57799

MEDIUM5.5

phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM

Published Jan 11, 2025

Modified 3 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM

In some cases, rk_hdptx_phy_runtime_resume() may be invoked before platform_set_drvdata() is executed in ->probe(), leading to a NULL pointer dereference when using the return of dev_get_drvdata().

Ensure platform_set_drvdata() is called before devm_pm_runtime_enable().

References

WEBhttps://git.kernel.org/stable/c/7061849a4a1752a06944a819dd1f7bfd58df7383 WEBhttps://git.kernel.org/stable/c/9d23e48654620fdccfcc74cc2cef04eaf7353d07 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-57799

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedJan 11, 2025

ModifiedOct 1, 2025