Multitouch Handling Vulnerability in Linux Kernel
CVE-2024-58020
Summary
In the Linux kernel, a flaw in the HID multitouch handling code can lead to a NULL pointer dereference. The function mt_input_configured() does not check the return value of devm_kasprintf(), which may return NULL on error. Using that unchecked pointer can result in unpredictable behavior and system instability. The fix adds a check of the return value so that the error is handled safely, making the kernel's multitouch support more robust.
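The unchecked and checked patterns described above, as an added userspace model rather than the kernel's own code. `model_kasprintf`, `fail_alloc`, `struct model_input`, the `"%s %s"` format and the `-ENOMEM` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int fail_alloc; /* fault injection: nonzero makes the allocator fail */

/* Userspace stand-in for devm_kasprintf(): returns NULL on allocation failure. */
static char *model_kasprintf(const char *fmt, ...)
{
    va_list ap;
    if (fail_alloc)
        return NULL;
    va_start(ap, fmt);
    int len = vsnprintf(NULL, 0, fmt, ap);   /* measure the formatted length */
    va_end(ap);
    char *buf = len < 0 ? NULL : malloc((size_t)len + 1);
    if (!buf)
        return NULL;
    va_start(ap, fmt);
    vsnprintf(buf, (size_t)len + 1, fmt, ap);
    va_end(ap);
    return buf;
}

struct model_input { char *name; };

/* Unchecked pattern: reports success and leaves name NULL on failure. */
static int configure_unchecked(struct model_input *in, const char *dev, const char *suffix)
{
    in->name = model_kasprintf("%s %s", dev, suffix); /* format is an assumption */
    return 0;
}
/* Checked pattern: the failure reaches the caller (-ENOMEM is an assumption). */
static int configure_checked(struct model_input *in, const char *dev, const char *suffix)
{
    in->name = model_kasprintf("%s %s", dev, suffix);
    return in->name ? 0 : -ENOMEM;
}

int main(void)
{
    struct model_input in = { 0 };
    fail_alloc = 1; /* simulate allocation failure */
    int u = configure_unchecked(&in, "Constructed Pad", "Touchscreen");
    int c = configure_checked(&in, "Constructed Pad", "Touchscreen");
    printf("unchecked ret=%d, checked ret=%d\n", u, c);
    return 0;
}
```

In the unchecked variant the caller sees success while the name stays NULL, so the fault only surfaces later, wherever that name is first dereferenced.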
Affected Version(s)
Linux 2763732ec1e68910719c75b6b896e11b6d3d622b < 4e7113f591163d99adc7cbcd7295030c8c5d3fc7
Linux 4794394635293a3e74591351fff469cea7ad15a2 < 62f8bf06262b6fc55c58f4c5256140f1382f3b01
Linux 4794394635293a3e74591351fff469cea7ad15a2