1. Home
  2. Vulnerabilities
  3. CVE-2024-40982

CVE-2024-40982

CVSS v3.1 5.5 (Medium)
55% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 1
Advisories 13
NVD Status Analyzed
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In the Linux kernel, the following vulnerability has been resolved:

ssb: Fix potential NULL pointer dereference in ssb_device_uevent()

The ssb_device_uevent() function first attempts to convert the 'dev' pointer
to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before
performing the NULL check, potentially leading to a NULL pointer
dereference if 'dev' is NULL.

To fix this issue, move the NULL check before dereferencing the 'dev' pointer,
ensuring that the pointer is valid before attempting to use it.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Weaknesses
CWE-476
NULL Pointer Dereference
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
kernel.org
Published Date
2024-07-12 13:15:19
(2 months ago)
Updated Date
2024-09-09 18:13:13
(9 days ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 6.6.36 version cpe:2.3:o:linux:linux_kernel < 6.6.36
  Linux Kernel from 6.7 version and prior 6.9.7 version cpe:2.3:o:linux:linux_kernel >= 6.7 < 6.9.7