CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group

Published May 17, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group

The DisplayPort driver's sysfs nodes may be present to the userspace before typecaltmodesetdrvdata() completes in dpaltmodeprobe. This means that a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in hpdshow or dp->lock in pinassignmentshow, as devgetdrvdata() returns NULL in those cases.

Remove manual sysfs node creation in favor of adding attribute group as default for devices bound to the driver. The ATTRIBUTEGROUPS() macro is not used here otherwise the path to the sysfs nodes is no longer compliant with the ABI.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group

The Linux kernel CVE team has assigned CVE-2024-35790 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051708-CVE-2024-35790-6a80@gregkh/T

Red Hat

Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the DisplayPort driver. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

IBM

Affected Software

19 affected componentsFixes available
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
Linux Linux kernel>=4.19<6.6.24
Linux Linux kernel>=6.7<6.7.12
Linux Linux kernel=6.8-rc1
Linux Linux kernel=6.8-rc2
Linux Linux kernel=6.8-rc3
Linux Linux kernel=6.8-rc4
Linux Linux kernel=6.8-rc5
Linux Linux kernel=6.8-rc6
redhat/kernel<6.6.24
6.6.24
redhat/kernel<6.7.12
6.7.12
redhat/kernel<6.8
6.8
Microsoft azl3 hyperv-daemons 6.6.35.1-1
Patch available
Microsoft cbl2 kernel 5.15.182.1-1
Patch available
Microsoft azl3 hyperv-daemons 6.6.22.1-2
Patch available
Microsoft cbl2 kernel 5.15.182.1-1

Remediation

Patch Available

https://git.kernel.org/stable/c/0ad011776c057ce881b7fd6d8c79ecd459c087e9

Patch Available

https://git.kernel.org/stable/c/165376f6b23e9a779850e750fb2eb06622e5a531

Patch Available

https://git.kernel.org/stable/c/4a22aeac24d0d5f26ba741408e8b5a4be6dc5dc0

Event History

May 17, 2024
CVE Published
via MITRE·12:24 PM
Data Sourced
via MITRE·12:24 PM
Description
Data Sourced
via NVD·01:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Data Sourced
via Red Hat·09:05 PM
DescriptionSeverityAffected Software
Sep 11, 2024
Data Sourced
via Microsoft·07:00 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·07:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
SeverityAffected Software
Updated
via Microsoft·07:00 AM
DescriptionSeverity

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-35790?

CVE-2024-35790 has a severity rating that necessitates attention due to the potential impact on the Linux kernel's handling of sysfs nodes.

2

How do I fix CVE-2024-35790?

To fix CVE-2024-35790, upgrade the Linux kernel to version 6.6.24, 6.7.12, or 6.8 as appropriate for your system.

3

What versions of the Linux kernel are affected by CVE-2024-35790?

CVE-2024-35790 affects Linux kernel versions from 4.19 up to but not including 6.6.24, and 6.7.0 to 6.7.12.

4

Is there a workaround for CVE-2024-35790?

There are no documented workarounds for CVE-2024-35790; applying the provided updates is the recommended course of action.

5

Which products may be impacted by CVE-2024-35790?

CVE-2024-35790 may impact products including IBM Security Verify Governance and associated components.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203