CVE-2024-36479

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The current implementation of the fpga bridge in the Linux kernel assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcount. This approach can lead to a null pointer dereference while attempting to get the bridge if the parent device does not have a driver. To address this problem, a module owner pointer is added to the fpga bridge struct and used to take the module's refcount. The function for registering a bridge is modified to take an additional owner module parameter and renamed to avoid conflicts. The documentation is updated to keep it consistent with the new interface for registering an fpga bridge. Other changes include moving put device() from fpga bridge get() to fpga bridge get() and of fpga bridge get() to improve code clarity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.