CVE-2024-46719

usb: typec: ucsi: Fix null pointer dereference in trace

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix null pointer dereference in trace ucsi_register_altmode checks IS_ERR for the alt pointer and treats NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled, ucsi_register_displayport returns NULL which causes a NULL pointer dereference in trace. Rather than return NULL, call typec_port_register_altmode to register DisplayPort alternate mode as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b patch
https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870 patch
https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9 patch
https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae patch
https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7 patch
https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830 patch
https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5 patch

Frequently Asked Questions

What is the severity of CVE-2024-46719?
CVE-2024-46719 has been scored as a medium severity vulnerability.
How to fix CVE-2024-46719?
To fix CVE-2024-46719, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46719 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46719 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46719?
CVE-2024-46719 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.