CVE-2024-58020

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mt_input_configured devm_kasprintf() can return a NULL pointer on failure,but this returned value in mt_input_configured() is not checked. Add NULL check in mt_input_configured(), to handle kernel NULL pointer dereference error.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2052b44cd0a62b6fdbe3371e5ba6029c56c400ca
https://git.kernel.org/stable/c/4e7113f591163d99adc7cbcd7295030c8c5d3fc7	Patch
https://git.kernel.org/stable/c/62f8bf06262b6fc55c58f4c5256140f1382f3b01	Patch
https://git.kernel.org/stable/c/97c09cc2e72769edb6994b531edcfa313b96bade	Patch
https://git.kernel.org/stable/c/9b8e2220d3a052a690b1d1b23019673e612494c5	Patch
https://git.kernel.org/stable/c/a04d96ef67a42165f93194eef22a270acba4b74c
https://git.kernel.org/stable/c/a6bfd3856e9f3da083f177753c623d58ba935e0a
https://git.kernel.org/stable/c/aa879ef6d3acf96fa2c7122d0632061d4ea58d48	Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::

History

No history.

Information

Published : 2025-02-27 03:15

Updated : 2025-11-03 20:16

NVD link : CVE-2024-58020

Mitre link : CVE-2024-58020

CVE.ORG link : CVE-2024-58020

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2024-58020", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-27T03:15:12.997", "references": [{"url": "https://git.kernel.org/stable/c/2052b44cd0a62b6fdbe3371e5ba6029c56c400ca", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4e7113f591163d99adc7cbcd7295030c8c5d3fc7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/62f8bf06262b6fc55c58f4c5256140f1382f3b01", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/97c09cc2e72769edb6994b531edcfa313b96bade", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9b8e2220d3a052a690b1d1b23019673e612494c5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a04d96ef67a42165f93194eef22a270acba4b74c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a6bfd3856e9f3da083f177753c623d58ba935e0a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/aa879ef6d3acf96fa2c7122d0632061d4ea58d48", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: multitouch: Agregar comprobaci\u00f3n NULL en mt_input_configured devm_kasprintf() puede devolver un puntero NULL en caso de error, pero este valor devuelto en mt_input_configured() no se comprueba. Agregar comprobaci\u00f3n NULL en mt_input_configured() para controlar el error de desreferencia de puntero NULL del kernel."}], "lastModified": "2025-11-03T20:16:58.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7B3CDB0-0B42-463E-9E20-DD9CF990E40F", "versionEndExcluding": "4.15", "versionStartIncluding": "4.14.326"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17432972-1EC7-4C0A-9A09-36F90BE8963A", "versionEndExcluding": "4.20", "versionStartIncluding": "4.19.295"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6592FB47-66C7-415E-9A0E-5F40984BE4E3", "versionEndExcluding": "5.5", "versionStartIncluding": "5.4.257"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC594734-BB21-44EC-B327-F5F4E4800AA8", "versionEndExcluding": "5.11", "versionStartIncluding": "5.10.195"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D5530E8-38DC-4A0B-A3CB-10DA342CACFD", "versionEndExcluding": "5.16", "versionStartIncluding": "5.15.132"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C1170AD-392C-41B9-8ADE-B117B8D3C893", "versionEndExcluding": "6.1.129", "versionStartIncluding": "6.1.53"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5099559-2D15-42A5-A561-71B34FEFF36F", "versionEndExcluding": "6.5", "versionStartIncluding": "6.4.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85292534-F886-41C7-A2AF-C5BA18E5A56B", "versionEndExcluding": "6.6.79", "versionStartIncluding": "6.5.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13C8DB18-FC60-425F-84E5-3EDDEC61B2FC", "versionEndExcluding": "6.12.16", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A2093ED-74A9-43F9-AC72-50030F374EA4", "versionEndExcluding": "6.13.4", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}