CVE-2024-35984
Linux Kernel i2c Smaster Bus Pointer Dereference Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by always checking the pointer in __i2c_transfer. [wsa: dropped the simplification in core-smbus to avoid theoretical regressions]
INFO
Published Date :
May 20, 2024, 10:15 a.m.
Last Modified :
Nov. 21, 2024, 9:21 a.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
3.6
Exploitability Score :
1.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-35984.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-35984 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-35984 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83 Added Reference https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d Added Reference https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde Added Reference https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620 Added Reference https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec Added Reference https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f Added Reference https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23 Added Reference https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85 Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Nov. 05, 2024
Action Type Old Value New Value Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 27, 2024
Action Type Old Value New Value Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html [No types assigned] -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 25, 2024
Action Type Old Value New Value Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned] -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 08, 2024
Action Type Old Value New Value -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 29, 2024
Action Type Old Value New Value -
Initial Analysis by [email protected]
May. 23, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Changed Reference Type https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83 No Types Assigned https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83 Patch Changed Reference Type https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d No Types Assigned https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d Patch Changed Reference Type https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde No Types Assigned https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde Patch Changed Reference Type https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620 No Types Assigned https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620 Patch Changed Reference Type https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec No Types Assigned https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec Patch Changed Reference Type https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f No Types Assigned https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f Patch Changed Reference Type https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23 No Types Assigned https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23 Patch Changed Reference Type https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85 No Types Assigned https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85 Patch Added CWE NIST CWE-476 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.19 up to (excluding) 4.19.313 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.275 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.216 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.158 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.90 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.30 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.8.9 -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 20, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by always checking the pointer in __i2c_transfer. [wsa: dropped the simplification in core-smbus to avoid theoretical regressions] Added Reference kernel.org https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-35984 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-35984
weaknesses.