CVE-2024-57799

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue arises from the potential invocation of rk hdptx phy runtime resume() before platform set drvdata() is executed in the ->probe() function, leading to a NULL pointer dereference when using the return of dev get drvdata(). This occurs in the Linux kernel, specifically in the phy: rockchip: samsung-hdptx component. The problem is resolved by ensuring that platform set drvdata() is called before devm pm runtime enable().

Recommendations Ensure platform set drvdata() is called before devm pm runtime enable() to prevent the NULL pointer dereference. As a temporary workaround, consider restricting the use of the rk hdptx phy runtime resume() function until the issue is fully resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.