PT-2024-1987 · Linux+6 · Linux Kernel+6

Tomi Valkeinen

·

Published

2024-01-16

·

Updated

2026-03-14

·

CVE-2024-26607

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge. The issue occurs due to a probing race condition in the sii902x driver. When tidss probes but is deferred as sii902x is still missing, and sii902x starts probing and enters sii902x init(), it calls drm bridge add() before setting up the i2c part, leading to a crash when sii902x bridge get edid() tries to use the i2c to read the edid.
Recommendations To resolve the issue, move the drm bridge add() to the end of the sii902x init(), which is also at the very end of sii902x probe(). This ensures that the sii902x bridge is ready from DRM's perspective only after the i2c part has been set up, preventing the null pointer dereference crash.

Exploit

Fix

NULL Pointer Dereference

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-362

Related Identifiers

AZL-55250
BDU:2024-01829
CVE-2024-26607
OESA-2024-1520
OESA-2024-1524
OESA-2024-1536
OESA-2024-1541
OPENSUSE-SU-2024_0857-1
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
SUSE-SU-2024:0855-1
SUSE-SU-2024:0856-1
SUSE-SU-2024:0857-1
SUSE-SU-2024:0900-1
SUSE-SU-2024:0900-2
SUSE-SU-2024:0926-1
SUSE-SU-2024:0977-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
USN-6765-1
USN-6818-1
USN-6818-2
USN-6818-3
USN-6818-4
USN-6819-1
USN-6819-2
USN-6819-3
USN-6819-4
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7100-1
USN-7100-2
USN-7119-1
USN-7123-1
USN-7144-1
USN-7194-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu