2307893 – (CVE-2024-44936) CVE-2024-44936 kernel: power: supply: rt5033: Bring back i2c_set_clientdata

Bug 2307893 (CVE-2024-44936) - CVE-2024-44936 kernel: power: supply: rt5033: Bring back i2c_set_clientdata

Summary: CVE-2024-44936 kernel: power: supply: rt5033: Bring back i2c_set_clientdata

Keywords:
Status:	NEW
Alias:	CVE-2024-44936
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2308136
Blocks:
TreeView+	depends on / blocked

Reported:	2024-08-26 11:22 UTC by OSIDB Bzimport
Modified:	2024-08-28 15:31 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-08-26 11:22:02 UTC

In the Linux kernel, the following vulnerability has been resolved:

power: supply: rt5033: Bring back i2c_set_clientdata

Commit 3a93da231c12 ("power: supply: rt5033: Use devm_power_supply_register() helper")
reworked the driver to use devm. While at it, the i2c_set_clientdata
was dropped along with the remove callback. Unfortunately other parts
of the driver also rely on i2c clientdata so this causes kernel oops.

Bring the call back to fix the driver.

Comment 1 Mauro Matteo Cascella 2024-08-27 12:17:41 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024082643-CVE-2024-44936-505c@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.