CVE-2024-35984 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

i2c: smbus: fix NULL function pointer dereference

Baruch reported an OOPS when using the designware controller as target
only. Target-only modes break the assumption of one transfer function
always being available. Fix this by always checking the pointer in
__i2c_transfer.

[wsa: dropped the simplification in core-smbus to avoid theoretical regressions]

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00007.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/357c64ef1ef39b1e7cd91ab6bdd304d043702c83
https://git.kernel.org/stable/c/40f1d79f07b49c8a64a861706e5163f2db4bd95d
https://git.kernel.org/stable/c/4e75e222d397c6752b229ed72fc4644c8c36ecde
https://git.kernel.org/stable/c/5a09eae9a7db597fe0c1fc91636205b4a25d2620
https://git.kernel.org/stable/c/5fd72404587d7db4acb2d241fd8c387afb0a7aec
https://git.kernel.org/stable/c/91811a31b68d3765b3065f4bb6d7d6d84a7cfc9f
https://git.kernel.org/stable/c/ad3c3ac7a03be3697114f781193dd3e9d97e6e23
https://git.kernel.org/stable/c/e3425674ff68dc521c57c6eabad0cbd20a027d85
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/linux-cve-announce/2024052018-CVE-2024-35984-d72b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35984
https://www.cve.org/CVERecord?id=CVE-2024-35984

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-20T09:47:51.738Z

Updated: 2025-05-04T09:09:50.767Z

Reserved: 2024-05-17T13:50:33.145Z

Link: CVE-2024-35984

Vulnrichment

Updated: 2024-08-02T03:21:49.037Z

NVD

Status : Modified

Published: 2024-05-20T10:15:12.830

Modified: 2024-11-21T09:21:21.677

Link: CVE-2024-35984

Redhat

Severity : Low

Publid Date: 2024-05-20T00:00:00Z

Links: CVE-2024-35984 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object