CVE-2024-57792 in Linux
Summary
by MITRE • 01/11/2025
In the Linux kernel, the following vulnerability has been resolved:
power: supply: gpio-charger: Fix set charge current limits
Fix set charge current limits for devices which allow the lowest charge current limit to be set greater than zero. If the requested charge current limit is below the lowest limit, the index equals current_limit_map_size, which leads to accessing memory beyond the allocated memory.
Analysis
by VulDB Data Team • 01/25/2026
CVE-2024-57792 resides in the Linux kernel's power supply subsystem, in the gpio-charger driver. It is a classic buffer overflow condition that arises when handling charge current limit configurations for battery charging devices. It affects devices whose hardware does not support a charge current limit of zero, so the lowest configurable limit is a positive value. When processing a charge current limit request, the driver fails to validate the requested value against the limits the hardware supports.
The root cause is improper bounds checking in the gpio-charger driver's charge current limit handling. When a request specifies a current limit below the minimum supported value, the driver computes an index equal to current_limit_map_size, which is one past the last valid entry of the current limit mapping array. Using that index accesses memory beyond the allocated buffer, creating a potential avenue for arbitrary code execution or system instability. The flaw sits at the intersection of hardware abstraction layer design and memory management: the driver indexes the array without first validating user input against hardware constraints.
This vulnerability presents significant operational risks within embedded systems and mobile devices that rely on Linux kernel power management for battery charging operations. The buffer overflow condition could potentially be exploited by malicious actors to execute arbitrary code within the kernel context, leading to complete system compromise. Devices utilizing gpio-charger drivers for power management, particularly smartphones, tablets, and embedded IoT devices, face potential security implications when exposed to this flaw. The impact extends beyond simple system crashes to include data corruption, privilege escalation, and denial of service conditions that could affect device functionality and user data integrity.
The vulnerability aligns with CWE-129 (Improper Validation of Array Index) and is consistent with ATT&CK technique T1068 (Exploitation for Privilege Escalation). The fix adds proper bounds checking before the array access, validating that the requested charge current limit falls within the supported hardware range before the index is used. Security practitioners should prioritize patching affected systems, particularly in environments where devices operate with elevated privileges or handle sensitive data. Mitigation consists of updating to a kernel version that contains the patched gpio-charger driver, which validates charge current limit parameters against hardware capabilities and prevents the out-of-bounds memory access.
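The index condition described in the summary, as an added user-space example (not the driver's source and not code from this page). The struct, function names and sample map are hypothetical, and clamping to the lowest supported limit is an assumed way to bound the index.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space model of a current limit map entry. */
struct limit_mapping {
    unsigned int limit_ua;  /* charge current limit in microamps */
    unsigned int gpiodata;  /* GPIO pattern that selects this limit */
};

/* Constructed sample map, sorted descending; the lowest limit is above zero. */
static const struct limit_mapping sample_map[] = {
    { 1500000, 0x3 },
    {  900000, 0x2 },
    {  500000, 0x1 },
};
#define SAMPLE_MAP_SIZE (sizeof(sample_map) / sizeof(sample_map[0]))

/* Search without a post-loop check: index of the first entry whose limit is
 * <= the request. Returns map_size (one past the end) when nothing matches. */
static size_t find_index_unchecked(const struct limit_mapping *map,
                                   size_t map_size, unsigned int req_ua)
{
    size_t i;

    for (i = 0; i < map_size; i++)
        if (map[i].limit_ua <= req_ua)
            break;
    return i; /* caller must not dereference map[i] when i == map_size */
}

/* Bounded lookup: NULL for an empty map, otherwise a valid entry. A request
 * below every entry is clamped to the last (lowest) limit (assumption). */
static const struct limit_mapping *
lookup_limit_checked(const struct limit_mapping *map, size_t map_size,
                     unsigned int req_ua)
{
    size_t i;

    if (map_size == 0)
        return NULL;
    i = find_index_unchecked(map, map_size, req_ua);
    if (i >= map_size)
        i = map_size - 1;
    return &map[i];
}

int main(void)
{
    size_t idx = find_index_unchecked(sample_map, SAMPLE_MAP_SIZE, 100000);
    printf("unchecked index %zu of %zu entries\n", idx, SAMPLE_MAP_SIZE);
    printf("checked limit %u uA\n",
           lookup_limit_checked(sample_map, SAMPLE_MAP_SIZE, 100000)->limit_ua);
    return 0;
}
```

The unchecked search is only unsafe when the lowest map entry is greater than zero, which matches the device class named in the summary; a map ending in a zero limit always produces a match.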