PT-2024-33802 · Linux · Linux Kernel

Alexander Shiyan · Published 2024-10-21 · Updated 2026-05-26 · CVE-2024-49961

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58
Description: A vulnerability in the Linux kernel has been resolved. The issue arises when the GPIO reset comes from an I2C port expander: the ar0521_power_on() and ar0521_power_off() functions did not use the _cansleep() variant of the GPIO functions. The vulnerability was fixed by using the cansleep version of gpiod_set_value(). It is related to the gpiod_set_value() function and the ar0521_power_on() and ar0521_power_off() functions.
Recommendations: To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider disabling the ar0521_power_on() and ar0521_power_off() functions until a patch is available. Restrict access to the vulnerable gpiod_set_value() function to minimize the risk of exploitation. Avoid using the gpiod_set_value() function in the affected API endpoints until the issue is resolved.

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-14046
BDU:2025-04159
CVE-2024-49961
DLA-4008-1
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2367
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1
USN-7468-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu