CVE-2024-58011 in Linux
Summary
by MITRE • 02/27/2025
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: int3472: Check for adev == NULL
Not all devices have an ACPI companion fwnode, so adev might be NULL. This can e.g. (theoretically) happen when a user manually binds one of the int3472 drivers to another i2c/platform device through sysfs.
Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/24/2026
The vulnerability CVE-2024-58011 represents a critical null pointer dereference issue within the Linux kernel's platform x86 subsystem, specifically affecting the int3472 driver implementation. This flaw resides in the ACPI companion device handling mechanism where the kernel fails to properly validate device references before attempting operations on them. The vulnerability manifests when the system attempts to process devices that lack proper ACPI companion fwnode associations, creating a scenario where the adev pointer can legitimately become NULL during driver binding operations.
The technical root cause stems from inadequate input validation within the int3472 driver's device binding logic. When users manually bind the int3472 driver to non-standard i2c or platform devices through sysfs interfaces, the driver's initialization process does not properly check whether the associated ACPI device structure (adev) has been successfully established. This oversight creates a path where subsequent calls to skl_int3472_get_acpi_buffer() attempt to dereference a NULL pointer, leading to immediate system crashes or potential privilege escalation vectors. The vulnerability aligns with CWE-476 which identifies null pointer dereference as a common security weakness pattern.
From an operational perspective, this vulnerability poses significant risks to systems running affected Linux kernel versions, particularly those supporting mixed device configurations or requiring manual driver binding operations. The theoretical nature of the exploit means that it requires specific conditions to be met, namely manual intervention through sysfs to bind the driver to non-standard devices, but once triggered, it can cause complete system instability or denial of service conditions. Attackers could potentially leverage this vulnerability to disrupt system operations or, in more sophisticated scenarios, to gain unauthorized access to system resources through controlled crash exploitation.
The recommended mitigations focus on implementing proper null pointer validation within the driver's initialization sequence. Kernel patches should ensure that all device binding operations include explicit checks for adev != NULL before proceeding with ACPI buffer operations. System administrators should avoid manual driver binding operations where possible and ensure that kernel updates are applied promptly to address this vulnerability. The fix aligns with ATT&CK technique T1068 which covers local privilege escalation through kernel vulnerabilities, and represents a fundamental defensive measure against null pointer dereference exploits. Organizations should also consider implementing runtime monitoring for suspicious device binding patterns and maintain up-to-date kernel versions to prevent exploitation of similar vulnerabilities in the broader kernel ecosystem.