CVE-2024-49871
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's adp5589-keys input driver. If the driver's probe function fails early during device initialization, a registered cleanup action attempts to access uninitialized device data, causing a kernel panic. This affects systems using the adp5589 keypad controller with vulnerable kernel versions.
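The failure mode described above (a cleanup action that runs on the probe-failure path and reads device data probe never set up) is a general devres ordering bug class, not specific to this one driver. The following user-space model is an added example written for this page; it is not kernel code and not the adp5589-keys driver or its upstream fix. The `devm_add_action`/`devm_release_all` helpers, the `client`/`kpad` structs and the `run_scenario` entry point are all constructed stand-ins: the vulnerable probe registers its cleanup before the private-data pointer is stored, while the hardened probe (one standard remedy, assumed here rather than taken from the upstream commits) initialises the data first and hands the cleanup that pointer directly.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space model (assumption: not kernel code, not the adp5589-keys
 * driver) of the bug class behind CVE-2024-49871: a devm cleanup action registered
 * early in probe runs on the probe-failure path and dereferences per-device data
 * that probe never got around to initialising. */

struct client { void *drvdata; };                 /* stands in for struct i2c_client */
struct kpad { struct client *client; int cfg; };  /* stands in for the driver's private data */

typedef void (*action_fn)(void *);
struct devm_action { action_fn fn; void *data; };

#define MAX_ACTIONS 4
struct dev { struct devm_action actions[MAX_ACTIONS]; int nactions; };

/* Model of devm_add_action_or_reset(): fn(data) runs when the device is torn down. */
static int devm_add_action(struct dev *dev, action_fn fn, void *data)
{
    if (dev->nactions >= MAX_ACTIONS)
        return -1;
    dev->actions[dev->nactions++] = (struct devm_action){ fn, data };
    return 0;
}

/* Model of devres teardown: actions run in reverse registration order. */
static void devm_release_all(struct dev *dev)
{
    while (dev->nactions > 0) {
        struct devm_action *a = &dev->actions[--dev->nactions];
        a->fn(a->data);
    }
}

/* Set when a cleanup handler is about to dereference NULL; a real kernel would oops. */
static int null_deref_detected;

/* Vulnerable cleanup: fetches the private data through the client, which is still
 * NULL if probe failed before it stored the pointer there. */
static void clear_config_vuln(void *arg)
{
    struct client *client = arg;
    struct kpad *kpad = client->drvdata;   /* NULL on the early-failure path */
    if (!kpad) { null_deref_detected = 1; return; }
    kpad->cfg = 0;
}

/* Hardened cleanup: receives the private data pointer directly; probe registers it
 * only once that data is fully initialised. */
static void clear_config_fixed(void *arg)
{
    struct kpad *kpad = arg;
    kpad->cfg = 0;
}

/* Probe in the vulnerable order: cleanup registered first, data stored later. */
static int probe_vuln(struct dev *dev, struct client *client, struct kpad *kpad, bool fail_early)
{
    devm_add_action(dev, clear_config_vuln, client);
    if (fail_early) {                 /* e.g. an early register access failed */
        devm_release_all(dev);        /* devres unwinds: runs clear_config_vuln(client) */
        return -1;
    }
    kpad->client = client;
    kpad->cfg = 1;
    client->drvdata = kpad;           /* too late to help the failure path above */
    return 0;
}

/* Probe in the hardened order: initialise data, then register the cleanup that needs it. */
static int probe_fixed(struct dev *dev, struct client *client, struct kpad *kpad, bool fail_early)
{
    kpad->client = client;
    kpad->cfg = 1;
    client->drvdata = kpad;
    if (fail_early) {                 /* nothing registered yet, so nothing runs on unwind */
        devm_release_all(dev);
        return -1;
    }
    devm_add_action(dev, clear_config_fixed, kpad);
    return 0;
}

/* Runs one probe scenario followed by teardown. Returns 1 if a cleanup handler hit a
 * NULL dereference, 0 otherwise; *cfg_out receives kpad.cfg after teardown. */
int run_scenario(bool fixed, bool fail_early, int *cfg_out)
{
    struct dev dev = { .nactions = 0 };
    struct client client = { .drvdata = NULL };
    struct kpad kpad = { .client = NULL, .cfg = 0 };
    null_deref_detected = 0;
    int rc = fixed ? probe_fixed(&dev, &client, &kpad, fail_early)
                   : probe_vuln(&dev, &client, &kpad, fail_early);
    if (rc == 0)
        devm_release_all(&dev);       /* normal device removal */
    *cfg_out = kpad.cfg;
    return null_deref_detected;
}

int main(void)
{
    int cfg;
    printf("vulnerable, early failure: null deref = %d\n", run_scenario(false, true, &cfg));
    printf("fixed, early failure:      null deref = %d\n", run_scenario(true, true, &cfg));
    printf("fixed, success + remove:   null deref = %d, cfg = %d\n", run_scenario(true, false, &cfg), cfg);
    return 0;
}
```

The teardown order is the point: devres runs registered actions whenever probe returns an error, so any action registered before the data it touches exists will run against uninitialised state on every early failure, which is exactly the condition the advisory describes as hard to trigger but fatal when it occurs.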
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical access to restart affected devices.
Likely Case
System crash during device initialization when the adp5589 driver fails to probe properly, causing temporary denial of service.
If Mitigated
No impact if the driver probe succeeds normally or if the system doesn't use adp5589 hardware.
🎯 Exploit Status
Exploitation requires triggering the driver probe failure scenario, which is specific to hardware initialization conditions. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with the fix commits: 122b160561f6429701a0559a0f39b0ae309488c6, 34e304cc53ae5d3c8e3f08b41dd11e0d4f3e01ed, 4449fedb8a710043fc0925409eba844c192d4337, 7c3f04223aaf82489472d614c6decee5a1ce8d7f, 9a38791ee79bd17d225c15a6d1479448be127a59
Vendor Advisory: https://git.kernel.org/stable/c/122b160561f6429701a0559a0f39b0ae309488c6
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Blacklist adp5589 module
Prevent loading of the vulnerable driver module:
echo 'blacklist adp5589' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
Disable module autoload
Prevent automatic loading of the driver:
echo 'install adp5589 /bin/false' >> /etc/modprobe.d/disable.conf
🧯 If You Can't Patch
- Ensure systems don't use adp5589 hardware
- Monitor kernel logs for adp5589 driver loading or crash events
🔍 How to Verify
Check if Vulnerable:
Check whether the adp5589 module is loaded (lsmod | grep adp5589) and compare the running kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Confirm that the running kernel includes the fix commits, and test by loading the adp5589 module on a test system.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning adp5589
- NULL pointer dereference in kernel logs
- Driver probe failure messages
Network Indicators:
- None; this is a local driver issue
SIEM Query:
source="kernel" AND ("adp5589" OR "NULL pointer dereference")
🔗 References
- https://git.kernel.org/stable/c/122b160561f6429701a0559a0f39b0ae309488c6
- https://git.kernel.org/stable/c/34e304cc53ae5d3c8e3f08b41dd11e0d4f3e01ed
- https://git.kernel.org/stable/c/4449fedb8a710043fc0925409eba844c192d4337
- https://git.kernel.org/stable/c/7c3f04223aaf82489472d614c6decee5a1ce8d7f
- https://git.kernel.org/stable/c/9a38791ee79bd17d225c15a6d1479448be127a59
- https://git.kernel.org/stable/c/fb5cc65f973661241e4a2b7390b429aa7b330c69
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html