CVE-2024-56587

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 27, 2024
Updated: Jan 31, 2025
CWE ID 476

Summary

CVE-2024-56587: A vulnerability in the Linux kernel's LED subsystem leads to a kernel NULL pointer dereference when Process A adds a HID device and Process B later attempts to access the LED class device's attributes, resulting in a kernel panic and system crash. This issue can be resolved by using the mutex led_cdev->led_access to protect access to led->cdev and its attributes inside brightness_show() and max_brightness_show(). The vulnerability was identified during the addition and removal of LED devices in the system. The call stack includes functions such as hid_device_probe, ps_led_register, and devm_led_classdev_register_ext.
