CVE-2024-58054

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fix of the max96712 module issue

Description A kernel oops occurs when removing the max96712 module due to an incorrect pointer being passed to v4l2 async unregister subdev(). This happens because in v4l2 i2c subdev init(), the i2c set clientdata() is called again and the data is overwritten to point to sd, instead of priv.

Recommendations For Linux kernel versions prior to the fix of the max96712 module issue: As a temporary workaround, consider disabling the max96712 module until a patch is available. To resolve the issue, update the Linux kernel to a version that includes the fix for the max96712 module issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2025-02443

CVE-2024-58054

DLA-4102-1

OESA-2025-1339

OESA-2025-1340

OPENSUSE-SU-2025_1177-1

OPENSUSE-SU-2025_1178-1

OPENSUSE-SU-2025_1180-1

SUSE-SU-2025:01919-1

SUSE-SU-2025:1177-1

SUSE-SU-2025:1178-1

SUSE-SU-2025:1180-1

SUSE-SU-2025:20190-1

SUSE-SU-2025:20192-1

SUSE-SU-2025:20260-1

SUSE-SU-2025:20270-1

SUSE-SU-2025_1177-1

SUSE-SU-2025_1178-1

SUSE-SU-2025_1180-1

USN-7521-1

USN-7521-2

USN-7521-3

USN-7651-1

USN-7651-2

USN-7651-3

USN-7651-4

USN-7651-5

USN-7651-6

USN-7652-1

USN-7653-1

USN-7737-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2024-58054

Weakness Enumeration

Related Identifiers

Affected Products

References · 1577