CVE-2024-50224

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 9, 2024

Updated: Nov 13, 2024

CWE ID 476

Summary

CVE-2024-50224: A vulnerability in the Linux kernel has been addressed, which affected the spi-fsl-dspi driver. This issue caused a crash when the GPIO chip select was not used, leading to a kernel NULL pointer dereference. The problem was due to a failure to check the return value of spi_get_csgpiod(), resulting in a NULL pointer being passed to gpiod_direction_output(). With this patch, a check has been added to prevent such crashes from occurring.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zuXl_N
https://www.cve.org/CVERecord?id=CVE-2024-50224
https://nvd.nist.gov/vuln/detail/CVE-2024-50224

Back to Vulnerability Database