CVE-2024-46685
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's pinctrl-single driver. If exploited, it could cause a kernel panic or system crash, affecting all systems running vulnerable Linux kernel versions with this driver loaded. The vulnerability occurs when pinmux_generic_get_function() returns NULL but the pointer isn't properly checked before dereferencing.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash or kernel panic requiring reboot, resulting in temporary service interruption.
If Mitigated
No impact if the vulnerable driver isn't loaded or the system has been patched.
🎯 Exploit Status
Requires ability to trigger the vulnerable code path in pcs_get_function(). Found during code review, not through active exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits: 0a2bab5ed161318f57134716accba0a30f3af191, 1c38a62f15e595346a1106025722869e87ffe044, 292151af6add3e5ab11b2e9916cffa5f52859a1f, 2cea369a5c2e85ab14ae716da1d1cc6d25c85e11, 4e9436375fcc9bd2a60ee96aba6ed53f7a377d10
Vendor Advisory: https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable pinctrl-single module
linuxPrevent loading of the vulnerable driver if not required
echo 'blacklist pinctrl_single' >> /etc/modprobe.d/blacklist.conf
rmmod pinctrl_single
🧯 If You Can't Patch
- Ensure proper access controls to prevent unauthorized users from triggering the vulnerable code path
- Monitor system logs for kernel panics or crashes and have incident response procedures ready
🔍 How to Verify
Check if Vulnerable:
Check if pinctrl_single module is loaded: lsmod | grep pinctrl_single. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes one of the fix commits. Check dmesg for absence of related crashes.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in dmesg or /var/log/kern.log
- System crash/reboot events
- NULL pointer dereference errors
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "pinctrl")🔗 References
- https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191
- https://git.kernel.org/stable/c/1c38a62f15e595346a1106025722869e87ffe044
- https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f52859a1f
- https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11
- https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10
- https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7
- https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075
- https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
