2297566 – (CVE-2024-40982) CVE-2024-40982 kernel: ssb: Fix potential NULL pointer dereference in ssb_device_uevent()

Bug 2297566 (CVE-2024-40982) - CVE-2024-40982 kernel: ssb: Fix potential NULL pointer dereference in ssb_device_uevent()

Summary: CVE-2024-40982 kernel: ssb: Fix potential NULL pointer dereference in ssb_dev...

Keywords:
Status:	NEW
Alias:	CVE-2024-40982
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-07-12 13:45 UTC by OSIDB Bzimport
Modified:	2025-11-07 13:09 UTC (History)
CC List:	4 users (show)
Fixed In Version:	kernel 6.6.36, kernel 6.9.7, kernel 6.10-rc1
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-07-12 13:45:49 UTC

In the Linux kernel, the following vulnerability has been resolved:

ssb: Fix potential NULL pointer dereference in ssb_device_uevent()

The ssb_device_uevent() function first attempts to convert the 'dev' pointer
to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before
performing the NULL check, potentially leading to a NULL pointer
dereference if 'dev' is NULL.

To fix this issue, move the NULL check before dereferencing the 'dev' pointer,
ensuring that the pointer is valid before attempting to use it.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Note You need to log in before you can comment on or make changes to this bug.