CVE-2024-49871

Input: adp5589-keys - fix NULL pointer dereference

Description

In the Linux kernel, the following vulnerability has been resolved: Input: adp5589-keys - fix NULL pointer dereference We register a devm action to call adp5589_clear_config() and then pass the i2c client as argument so that we can call i2c_get_clientdata() in order to get our device object. However, i2c_set_clientdata() is only being set at the end of the probe function which means that we'll get a NULL pointer dereference in case the probe function fails early.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4449fedb8a710043fc0925409eba844c192d4337 patch
https://git.kernel.org/stable/c/34e304cc53ae5d3c8e3f08b41dd11e0d4f3e01ed patch
https://git.kernel.org/stable/c/7c3f04223aaf82489472d614c6decee5a1ce8d7f patch
https://git.kernel.org/stable/c/9a38791ee79bd17d225c15a6d1479448be127a59 patch
https://git.kernel.org/stable/c/122b160561f6429701a0559a0f39b0ae309488c6 patch
https://git.kernel.org/stable/c/fb5cc65f973661241e4a2b7390b429aa7b330c69 patch

Frequently Asked Questions

What is the severity of CVE-2024-49871?
CVE-2024-49871 has been scored as a medium severity vulnerability.
How to fix CVE-2024-49871?
To fix CVE-2024-49871, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-49871 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-49871 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-49871?
CVE-2024-49871 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.