CVE-2024-56580

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-56580
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56580.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-56580
Downstream
Related
Published
2024-12-27T15:15:17Z
Modified
2025-01-08T16:43:44Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

media: qcom: camss: fix error path on configuration of power domains

There is a chance to meet runtime issues during configuration of CAMSS power domains, because on the error path devpmdomain_detach() is unexpectedly called with NULL or error pointer.

One of the simplest ways to reproduce the problem is to probe CAMSS driver before registration of CAMSS power domains, for instance if a platform CAMCC driver is simply not built.

Warning backtrace example:

Unable to handle kernel NULL pointer dereference at virtual address 00000000000001a2

<snip>

pc : dev_pm_domain_detach+0x8/0x48
lr : camss_probe+0x374/0x9c0

<snip>

Call trace:
 dev_pm_domain_detach+0x8/0x48
 platform_probe+0x70/0xf0
 really_probe+0xc4/0x2a8
 __driver_probe_device+0x80/0x140
 driver_probe_device+0x48/0x170
 __device_attach_driver+0xc0/0x148
 bus_for_each_drv+0x88/0xf0
 __device_attach+0xb0/0x1c0
 device_initial_probe+0x1c/0x30
 bus_probe_device+0xb4/0xc0
 deferred_probe_work_func+0x90/0xd0
 process_one_work+0x164/0x3e0
 worker_thread+0x310/0x420
 kthread+0x120/0x130
 ret_from_fork+0x10/0x20
References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}