PT-2024-31314 · Linux+3 · Linux Kernel+3

En-Wei Wu

Published

2024-07-29

Updated

2025-01-09

CVE-2024-44937

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue arises from a race condition in the ACPI notify handler, specifically in the intel-vbtn module, which can lead to a kernel NULL pointer dereference. This occurs when the handler attempts to register priv->switches dev twice, resulting in a duplicate filename error in sysfs and a subsequent kernel crash. The problem is triggered on Dell Venue 7140 tablets when undocking from the keyboard. To fix this, a mutex is used to protect the intel-vbtn notify handler from racing with itself.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-362

Related Identifiers

BDU:2025-02931

CVE-2024-44937

USN-7154-1

USN-7154-2

USN-7155-1

USN-7156-1

USN-7196-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Ubuntu

PT-2024-31314 · Linux+3 · Linux Kernel+3

CVE-2024-44937

Weakness Enumeration

Related Identifiers

Affected Products

References · 641