{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26717", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.161Z", "datePublished": "2024-04-03T14:55:18.063Z", "dateUpdated": "2025-05-04T08:54:43.023Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:54:43.023Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid-of: fix NULL-deref on failed power up\n\nA while back the I2C HID implementation was split in an ACPI and OF\npart, but the new OF driver never initialises the client pointer which\nis dereferenced on power-up failures."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/i2c-hid/i2c-hid-of.c"], "versions": [{"version": "b33752c300232d7f95dd9a4353947d0c9e6a0e52", "lessThan": "62f5d219edbd174829aa18d4b3d97cd5fefbb783", "status": "affected", "versionType": "git"}, {"version": "b33752c300232d7f95dd9a4353947d0c9e6a0e52", "lessThan": "d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c", "status": "affected", "versionType": "git"}, {"version": "b33752c300232d7f95dd9a4353947d0c9e6a0e52", "lessThan": "4cad91344a62536a2949873bad6365fbb6232776", "status": "affected", "versionType": "git"}, {"version": "b33752c300232d7f95dd9a4353947d0c9e6a0e52", "lessThan": "e28d6b63aeecbda450935fb58db0e682ea8212d3", "status": "affected", "versionType": "git"}, {"version": "b33752c300232d7f95dd9a4353947d0c9e6a0e52", "lessThan": "00aab7dcb2267f2aef59447602f34501efe1a07f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/i2c-hid/i2c-hid-of.c"], "versions": [{"version": "5.12", "status": "affected"}, {"version": "0", "lessThan": "5.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.149", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.79", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.18", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.6", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "5.15.149"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.1.79"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.6.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.7.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/62f5d219edbd174829aa18d4b3d97cd5fefbb783"}, {"url": "https://git.kernel.org/stable/c/d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c"}, {"url": "https://git.kernel.org/stable/c/4cad91344a62536a2949873bad6365fbb6232776"}, {"url": "https://git.kernel.org/stable/c/e28d6b63aeecbda450935fb58db0e682ea8212d3"}, {"url": "https://git.kernel.org/stable/c/00aab7dcb2267f2aef59447602f34501efe1a07f"}], "title": "HID: i2c-hid-of: fix NULL-deref on failed power up", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:12.683Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/62f5d219edbd174829aa18d4b3d97cd5fefbb783", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4cad91344a62536a2949873bad6365fbb6232776", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e28d6b63aeecbda450935fb58db0e682ea8212d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/00aab7dcb2267f2aef59447602f34501efe1a07f", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26717", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:52:26.621999Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:24.749Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/62f5d219edbd174829aa18d4b3d97cd5fefbb783", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4cad91344a62536a2949873bad6365fbb6232776", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e28d6b63aeecbda450935fb58db0e682ea8212d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/00aab7dcb2267f2aef59447602f34501efe1a07f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:12.683Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26717", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:52:26.621999Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:16.558Z"}}], "cna": {"title": "HID: i2c-hid-of: fix NULL-deref on failed power up", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b33752c300232d7f95dd9a4353947d0c9e6a0e52", "lessThan": "62f5d219edbd174829aa18d4b3d97cd5fefbb783", "versionType": "git"}, {"status": "affected", "version": "b33752c300232d7f95dd9a4353947d0c9e6a0e52", "lessThan": "d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c", "versionType": "git"}, {"status": "affected", "version": "b33752c300232d7f95dd9a4353947d0c9e6a0e52", "lessThan": "4cad91344a62536a2949873bad6365fbb6232776", "versionType": "git"}, {"status": "affected", "version": "b33752c300232d7f95dd9a4353947d0c9e6a0e52", "lessThan": "e28d6b63aeecbda450935fb58db0e682ea8212d3", "versionType": "git"}, {"status": "affected", "version": "b33752c300232d7f95dd9a4353947d0c9e6a0e52", "lessThan": "00aab7dcb2267f2aef59447602f34501efe1a07f", "versionType": "git"}], "programFiles": ["drivers/hid/i2c-hid/i2c-hid-of.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.12"}, {"status": "unaffected", "version": "0", "lessThan": "5.12", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.149", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.79", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.18", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.6", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/hid/i2c-hid/i2c-hid-of.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/62f5d219edbd174829aa18d4b3d97cd5fefbb783"}, {"url": "https://git.kernel.org/stable/c/d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c"}, {"url": "https://git.kernel.org/stable/c/4cad91344a62536a2949873bad6365fbb6232776"}, {"url": "https://git.kernel.org/stable/c/e28d6b63aeecbda450935fb58db0e682ea8212d3"}, {"url": "https://git.kernel.org/stable/c/00aab7dcb2267f2aef59447602f34501efe1a07f"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid-of: fix NULL-deref on failed power up\n\nA while back the I2C HID implementation was split in an ACPI and OF\npart, but the new OF driver never initialises the client pointer which\nis dereferenced on power-up failures."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.149", "versionStartIncluding": "5.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.79", "versionStartIncluding": "5.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.18", "versionStartIncluding": "5.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.6", "versionStartIncluding": "5.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8", "versionStartIncluding": "5.12"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:54:43.023Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26717", "state": "PUBLISHED", "dateUpdated": "2025-05-04T08:54:43.023Z", "dateReserved": "2024-02-19T14:20:24.161Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-03T14:55:18.063Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECC74ED9-C6F0-4F37-9917-0F2B0BAD54B2", "versionEndExcluding": "5.15.149", "versionStartIncluding": "5.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "656E2F29-1779-4EFC-AA64-8F984E2885B1", "versionEndExcluding": "6.1.79", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD961E49-FEDA-47CF-BF23-4D2BD942B4E0", "versionEndExcluding": "6.6.18", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6D6A5C8-7308-42A9-8A72-ABF3DEA4BB82", "versionEndExcluding": "6.7.6", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid-of: fix NULL-deref on failed power up\n\nA while back the I2C HID implementation was split in an ACPI and OF\npart, but the new OF driver never initialises the client pointer which\nis dereferenced on power-up failures."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: HID: i2c-hid-of: corrige NULL-deref en caso de encendido fallido Hace un tiempo, la implementaci\u00f3n de I2C HID se dividi\u00f3 en una parte ACPI y OF, pero el nuevo controlador OF nunca Inicializa el puntero del cliente al que se le quita la referencia en caso de fallos de encendido."}], "id": "CVE-2024-26717", "lastModified": "2025-01-07T21:16:14.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-04-03T15:15:53.850", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/00aab7dcb2267f2aef59447602f34501efe1a07f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4cad91344a62536a2949873bad6365fbb6232776"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/62f5d219edbd174829aa18d4b3d97cd5fefbb783"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e28d6b63aeecbda450935fb58db0e682ea8212d3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/00aab7dcb2267f2aef59447602f34501efe1a07f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4cad91344a62536a2949873bad6365fbb6232776"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/62f5d219edbd174829aa18d4b3d97cd5fefbb783"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e28d6b63aeecbda450935fb58db0e682ea8212d3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "[email protected]", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: HID: i2c-hid-of: fix NULL-deref on failed power up", "id": "2273148", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273148"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nHID: i2c-hid-of: fix NULL-deref on failed power up\nA while back the I2C HID implementation was split in an ACPI and OF\npart, but the new OF driver never initialises the client pointer which\nis dereferenced on power-up failures."], "name": "CVE-2024-26717", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26717\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26717\nhttps://lore.kernel.org/linux-cve-announce/2024040344-CVE-2024-26717-0d01@gregkh/T"], "threat_severity": "Low"}