1. Home
  2. Vulnerabilities
  3. CVE-2024-56574
5.5
MEDIUM CVSS 3.1
CVE-2024-56574
"QEMU ts2020 Null Pointer Dereference Vulnerability"
Description

In the Linux kernel, the following vulnerability has been resolved: media: ts2020: fix null-ptr-deref in ts2020_probe() KASAN reported a null-ptr-deref issue when executing the following command: # echo ts2020 0x20 > /sys/bus/i2c/devices/i2c-0/new_device KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 53 UID: 0 PID: 970 Comm: systemd-udevd Not tainted 6.12.0-rc2+ #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) RIP: 0010:ts2020_probe+0xad/0xe10 [ts2020] RSP: 0018:ffffc9000abbf598 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffffc0714809 RDX: 0000000000000002 RSI: ffff88811550be00 RDI: 0000000000000010 RBP: ffff888109868800 R08: 0000000000000001 R09: fffff52001577eb6 R10: 0000000000000000 R11: ffffc9000abbff50 R12: ffffffffc0714790 R13: 1ffff92001577eb8 R14: ffffffffc07190d0 R15: 0000000000000001 FS: 00007f95f13b98c0(0000) GS:ffff888149280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555d2634b000 CR3: 0000000152236000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ts2020_probe+0xad/0xe10 [ts2020] i2c_device_probe+0x421/0xb40 really_probe+0x266/0x850 ... The cause of the problem is that when using sysfs to dynamically register an i2c device, there is no platform data, but the probe process of ts2020 needs to use platform data, resulting in a null pointer being accessed. Solve this problem by adding checks to platform data.

INFO

Published Date :

Dec. 27, 2024, 3:15 p.m.

Last Modified :

Jan. 6, 2025, 5:20 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2024-56574 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM [email protected]
Solution
This addresses a null pointer dereference vulnerability in the Linux kernel.
  • Update the affected Linux kernel packages.
  • Reboot the system to apply the update.
Public PoC/Exploit Available at Github

CVE-2024-56574 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-56574.

URL Resource
https://git.kernel.org/stable/c/4a058b34b52ed3feb1f3ff6fd26aefeeeed20cba Patch
https://git.kernel.org/stable/c/5a53f97cd5977911850b695add057f9965c1a2d6 Patch
https://git.kernel.org/stable/c/901070571bc191d1d8d7a1379bc5ba9446200999 Patch
https://git.kernel.org/stable/c/a2ed3b780f34e4a6403064208bc2c99d1ed85026 Patch
https://git.kernel.org/stable/c/b6208d1567f929105011bcdfd738f59a6bdc1088 Patch
https://git.kernel.org/stable/c/ced1c04e82e3ecc246b921b9733f0df0866aa50d Patch
https://git.kernel.org/stable/c/dc03866b5f4aa2668946f8384a1e5286ae53bbaa Patch
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-56574 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-56574 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
cku-heise/euvd-api-doc

None

JavaScript

Updated: 3 months, 1 week ago
5 stars 1 fork 1 watcher
Born at : April 16, 2025, 1:43 p.m. This repo has been linked 280 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-56574 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2024-56574 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jan. 06, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NIST CWE-476
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.1 up to (excluding) 5.4.287 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.231 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.174 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.120 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.64 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.4
    Changed Reference Type https://git.kernel.org/stable/c/4a058b34b52ed3feb1f3ff6fd26aefeeeed20cba No Types Assigned https://git.kernel.org/stable/c/4a058b34b52ed3feb1f3ff6fd26aefeeeed20cba Patch
    Changed Reference Type https://git.kernel.org/stable/c/5a53f97cd5977911850b695add057f9965c1a2d6 No Types Assigned https://git.kernel.org/stable/c/5a53f97cd5977911850b695add057f9965c1a2d6 Patch
    Changed Reference Type https://git.kernel.org/stable/c/901070571bc191d1d8d7a1379bc5ba9446200999 No Types Assigned https://git.kernel.org/stable/c/901070571bc191d1d8d7a1379bc5ba9446200999 Patch
    Changed Reference Type https://git.kernel.org/stable/c/a2ed3b780f34e4a6403064208bc2c99d1ed85026 No Types Assigned https://git.kernel.org/stable/c/a2ed3b780f34e4a6403064208bc2c99d1ed85026 Patch
    Changed Reference Type https://git.kernel.org/stable/c/b6208d1567f929105011bcdfd738f59a6bdc1088 No Types Assigned https://git.kernel.org/stable/c/b6208d1567f929105011bcdfd738f59a6bdc1088 Patch
    Changed Reference Type https://git.kernel.org/stable/c/ced1c04e82e3ecc246b921b9733f0df0866aa50d No Types Assigned https://git.kernel.org/stable/c/ced1c04e82e3ecc246b921b9733f0df0866aa50d Patch
    Changed Reference Type https://git.kernel.org/stable/c/dc03866b5f4aa2668946f8384a1e5286ae53bbaa No Types Assigned https://git.kernel.org/stable/c/dc03866b5f4aa2668946f8384a1e5286ae53bbaa Patch
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 27, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: media: ts2020: fix null-ptr-deref in ts2020_probe() KASAN reported a null-ptr-deref issue when executing the following command: # echo ts2020 0x20 > /sys/bus/i2c/devices/i2c-0/new_device KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 53 UID: 0 PID: 970 Comm: systemd-udevd Not tainted 6.12.0-rc2+ #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) RIP: 0010:ts2020_probe+0xad/0xe10 [ts2020] RSP: 0018:ffffc9000abbf598 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffffc0714809 RDX: 0000000000000002 RSI: ffff88811550be00 RDI: 0000000000000010 RBP: ffff888109868800 R08: 0000000000000001 R09: fffff52001577eb6 R10: 0000000000000000 R11: ffffc9000abbff50 R12: ffffffffc0714790 R13: 1ffff92001577eb8 R14: ffffffffc07190d0 R15: 0000000000000001 FS: 00007f95f13b98c0(0000) GS:ffff888149280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555d2634b000 CR3: 0000000152236000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ts2020_probe+0xad/0xe10 [ts2020] i2c_device_probe+0x421/0xb40 really_probe+0x266/0x850 ... The cause of the problem is that when using sysfs to dynamically register an i2c device, there is no platform data, but the probe process of ts2020 needs to use platform data, resulting in a null pointer being accessed. Solve this problem by adding checks to platform data.
    Added Reference https://git.kernel.org/stable/c/4a058b34b52ed3feb1f3ff6fd26aefeeeed20cba
    Added Reference https://git.kernel.org/stable/c/5a53f97cd5977911850b695add057f9965c1a2d6
    Added Reference https://git.kernel.org/stable/c/901070571bc191d1d8d7a1379bc5ba9446200999
    Added Reference https://git.kernel.org/stable/c/a2ed3b780f34e4a6403064208bc2c99d1ed85026
    Added Reference https://git.kernel.org/stable/c/b6208d1567f929105011bcdfd738f59a6bdc1088
    Added Reference https://git.kernel.org/stable/c/ced1c04e82e3ecc246b921b9733f0df0866aa50d
    Added Reference https://git.kernel.org/stable/c/dc03866b5f4aa2668946f8384a1e5286ae53bbaa
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 5.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact