CVE-2024-56574
📋 TL;DR
A null pointer dereference vulnerability in the Linux kernel's ts2020 media driver allows local attackers to cause a kernel panic or system crash by triggering the ts2020_probe() function without proper platform data. This affects Linux systems with the ts2020 driver loaded, particularly those allowing dynamic i2c device registration via sysfs.
💻 Affected Systems
- Linux kernel with ts2020 driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local denial of service causing kernel panic and system crash, potentially leading to data loss or service disruption.
Likely Case
System crash requiring reboot when malicious or malformed i2c device registration occurs.
If Mitigated
No impact if proper access controls prevent unauthorized i2c device registration.
🎯 Exploit Status
Exploitation requires local access and ability to write to i2c device registration sysfs interface. No authentication bypass needed but requires appropriate permissions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel stable releases containing the fix commits
Vendor Advisory: https://git.kernel.org/stable/c/4a058b34b52ed3feb1f3ff6fd26aefeeeed20cba
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Restrict i2c device registration
linuxPrevent unauthorized users from registering i2c devices via sysfs
chmod 600 /sys/bus/i2c/devices/i2c-*/new_device
setfacl -m u:root:rw /sys/bus/i2c/devices/i2c-*/new_device
Unload ts2020 driver
linuxRemove vulnerable driver if not needed
rmmod ts2020
🧯 If You Can't Patch
- Implement strict access controls on /sys/bus/i2c/devices/i2c-*/new_device interface
- Monitor system logs for i2c device registration attempts and investigate unauthorized activity
🔍 How to Verify
Check if Vulnerable:
Check if ts2020 driver is loaded: lsmod | grep ts2020. Check kernel version: uname -r and compare with patched versions.Check Version:
uname -rVerify Fix Applied:
After patching, verify kernel version contains fix commits. Test by attempting to trigger the probe with missing platform data (not recommended in production).📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN null-ptr-deref reports
- systemd-udevd errors related to i2c device registration
- dmesg entries showing ts2020_probe failures
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("null-ptr-deref" OR "ts2020_probe" OR "KASAN")🔗 References
- https://git.kernel.org/stable/c/4a058b34b52ed3feb1f3ff6fd26aefeeeed20cba
- https://git.kernel.org/stable/c/5a53f97cd5977911850b695add057f9965c1a2d6
- https://git.kernel.org/stable/c/901070571bc191d1d8d7a1379bc5ba9446200999
- https://git.kernel.org/stable/c/a2ed3b780f34e4a6403064208bc2c99d1ed85026
- https://git.kernel.org/stable/c/b6208d1567f929105011bcdfd738f59a6bdc1088
- https://git.kernel.org/stable/c/ced1c04e82e3ecc246b921b9733f0df0866aa50d
- https://git.kernel.org/stable/c/dc03866b5f4aa2668946f8384a1e5286ae53bbaa
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
