CVE-2024-56629

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description A vulnerability has been resolved in the Linux kernel related to the HID wacom driver. The issue occurs when getting the product name, which may result in a null pointer, leading to potential system crashes. This is due to incorrect dev->product reporting by certain devices, causing null pointer dereferences when dev->product is empty. The problem was found on an EXCELSIOR DL37-D05 device with a Loongson-LS3A6000-7A2000-DL37 motherboard.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the wacom driver until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using devices that report incorrect dev->product information until the issue is resolved.