PT-2024-21542 · Linux · Linux Kernel
Published: 2024-04-17 · Updated: 2024-04-18 · CVE-2024-26867
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.7.3-x86_64 #1
Description
A vulnerability in the Linux kernel's comedi_8255 module has been resolved. The refactoring done in commit 5c57b1ccecc7 removed the logic and flag that initialized the io field in struct subdev_8255_private, leading to a NULL pointer dereference. The kernel reports "kernel NULL pointer dereference, address: 0000000000000000" and the system crashes.
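The bug class described above, as an added user-space model that is not the kernel's code or the upstream fix: a callback field in a zero-initialized private struct is never assigned, so the first call through it dereferences NULL. All `model_*` names, the callback signature and the returned values are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space model; every name and signature here is hypothetical. */
typedef int (*model_io_fn)(int dir, int port, int data, unsigned long regbase);

struct model_8255_private {
    unsigned long regbase;
    model_io_fn io;                 /* register-access callback */
};

/* Stand-ins for port-I/O and MMIO accessors; reads return a constructed value. */
static int model_io_port(int dir, int port, int data, unsigned long regbase)
{ (void)data; (void)regbase; return dir ? 0 : 0x10 + port; }
static int model_io_mmio(int dir, int port, int data, unsigned long regbase)
{ (void)data; (void)regbase; return dir ? 0 : 0x20 + port; }

/* "After the refactoring": zeroed allocation (as kzalloc gives), io never set. */
struct model_8255_private *model_init_broken(unsigned long regbase)
{
    struct model_8255_private *spriv = calloc(1, sizeof(*spriv));
    if (spriv)
        spriv->regbase = regbase;
    return spriv;                   /* spriv->io is still NULL */
}

/* Initialization with the selection logic present: a flag picks the callback. */
struct model_8255_private *model_init_fixed(unsigned long regbase, int is_mmio)
{
    struct model_8255_private *spriv = model_init_broken(regbase);
    if (spriv)
        spriv->io = is_mmio ? model_io_mmio : model_io_port;
    return spriv;
}

/* Caller with a defensive check; without it, calling a NULL io jumps to address 0. */
int model_read_port(const struct model_8255_private *spriv, int port)
{
    if (!spriv || !spriv->io)
        return -EINVAL;
    return spriv->io(0, port, 0, spriv->regbase);
}

int main(void)
{
    struct model_8255_private *bad = model_init_broken(0x300);
    struct model_8255_private *ok = model_init_fixed(0x300, 0);
    printf("broken: %d, fixed: %d\n", model_read_port(bad, 1), model_read_port(ok, 1));
    free(bad); free(ok);
    return 0;
}
```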
Recommendations
To resolve this issue, update the Linux kernel to a version later than 6.7.3-x86_64 #1. As a temporary workaround, consider disabling the subdev_8255_init() function until a patch is available. Restrict access to the vulnerable module comedi_8255 to minimize the risk of exploitation. Avoid using the subdev_8255_mmio and subdev_8255_io callbacks in the affected API endpoint until the issue is resolved.
Exploit
Fix
NULL Pointer Dereference
Affected Products
Linux Kernel