In the Linux kernel, the following vulnerability has been...
Moderate severity
Unreviewed
Published
May 21, 2024
to the GitHub Advisory Database
•
Updated Dec 23, 2024
Description
Published by the National Vulnerability Database
May 21, 2024
Published to the GitHub Advisory Database
May 21, 2024
Last updated
Dec 23, 2024
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field
If driver read val value sufficient for
(val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7))
from device then Null pointer dereference occurs.
(It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers)
Also lm75[] does not serve a purpose anymore after switching to
devm_i2c_new_dummy_device() in w83791d_detect_subclients().
The patch fixes possible NULL pointer dereference by removing lm75[].
Found by Linux Driver Verification project (linuxtesting.org).
[groeck: Dropped unnecessary continuation lines, fixed multipline alignment]
References