CVE-2024-58020

HID: multitouch: Add NULL check in mt_input_configured

Description

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mt_input_configured devm_kasprintf() can return a NULL pointer on failure,but this returned value in mt_input_configured() is not checked. Add NULL check in mt_input_configured(), to handle kernel NULL pointer dereference error.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/a04d96ef67a42165f93194eef22a270acba4b74c
https://git.kernel.org/stable/c/a6bfd3856e9f3da083f177753c623d58ba935e0a
https://git.kernel.org/stable/c/2052b44cd0a62b6fdbe3371e5ba6029c56c400ca
https://git.kernel.org/stable/c/4e7113f591163d99adc7cbcd7295030c8c5d3fc7 patch
https://git.kernel.org/stable/c/62f8bf06262b6fc55c58f4c5256140f1382f3b01 patch
https://git.kernel.org/stable/c/aa879ef6d3acf96fa2c7122d0632061d4ea58d48 patch
https://git.kernel.org/stable/c/97c09cc2e72769edb6994b531edcfa313b96bade patch
https://git.kernel.org/stable/c/9b8e2220d3a052a690b1d1b23019673e612494c5 patch

Frequently Asked Questions

What is the severity of CVE-2024-58020?
CVE-2024-58020 has been scored as a medium severity vulnerability.
How to fix CVE-2024-58020?
To fix CVE-2024-58020, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-58020 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-58020 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-58020?
CVE-2024-58020 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.