CVE-2024-35790

UNKNOWN

Published 2024-05-17T12:24:45.918Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-35790. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group

The DisplayPort driver's sysfs nodes may be present to the userspace before
typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that
a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in
hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns
NULL in those cases.

Remove manual sysfs node creation in favor of adding attribute group as
default for devices bound to the driver. The ATTRIBUTE_GROUPS() macro is
not used here otherwise the path to the sysfs nodes is no longer compliant
with the ABI.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 0e3bb7d6894d9b6e67d6382bb03a46a1dc989588

Linux

Affected Versions:

4.19 0 5.10.238 5.15.184 6.1.140 6.6.24 6.7.12 6.8

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-xq4p-6j59-jfv4

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns NULL in those cases. Remove manual sysfs node creation in favor of adding attribute group as default for devices bound to the driver. The ATTRIBUTE_GROUPS() macro is not used here otherwise the path to the sysfs nodes is no longer compliant with the ABI.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-35790

WEB https://git.kernel.org/stable/c/0ad011776c057ce881b7fd6d8c79ecd459c087e9

WEB https://git.kernel.org/stable/c/165376f6b23e9a779850e750fb2eb06622e5a531

WEB https://git.kernel.org/stable/c/4a22aeac24d0d5f26ba741408e8b5a4be6dc5dc0

WEB https://git.kernel.org/stable/c/6b989ea1c479533ab8dbfbeb1704c94b1d3320da

WEB https://git.kernel.org/stable/c/9794ffd9d0c39ee070fbd733f862bbe89b28ba33

WEB https://git.kernel.org/stable/c/f1c5ddaef506e3517dce338c08a60663b1521920

Advisory provided by GitHub Security Advisory Database. Published: May 17, 2024, Modified: June 4, 2025

References

https://git.kernel.org/stable/c/6b989ea1c479533ab8dbfbeb1704c94b1d3320da

https://git.kernel.org/stable/c/9794ffd9d0c39ee070fbd733f862bbe89b28ba33

https://git.kernel.org/stable/c/f1c5ddaef506e3517dce338c08a60663b1521920

https://git.kernel.org/stable/c/4a22aeac24d0d5f26ba741408e8b5a4be6dc5dc0

https://git.kernel.org/stable/c/0ad011776c057ce881b7fd6d8c79ecd459c087e9

https://git.kernel.org/stable/c/165376f6b23e9a779850e750fb2eb06622e5a531

Published: 2024-05-17T12:24:45.918Z

Last Modified: 2025-06-04T12:57:15.072Z

Copied to clipboard!

CVE-2024-35790

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!