CVE-2024-46685: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46685 is a vulnerability in the Linux kernel's pinctrl subsystem, specifically in the pcsgetfunction() function. The vulnerability was discovered through code review and disclosed on September 13, 2024. It affects Linux kernel versions from 4.11 up to versions before 4.19.321, 5.4.283, 5.10.225, 5.15.166, 6.1.108, 6.6.49, and 6.10.8 (NVD).

The vulnerability is a potential NULL pointer dereference in the pcsgetfunction() function within the pinctrl single driver. The issue occurs because pinmuxgenericget_function() can return NULL, and the pointer 'function' was being dereferenced without proper NULL checking. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability (NVD).

The vulnerability could lead to a NULL pointer dereference, which typically results in a kernel crash, affecting system availability. The CVSS scoring indicates that while there is no impact on confidentiality or integrity, there is a high impact on system availability (NVD).

The vulnerability has been fixed by adding a NULL pointer check for the 'function' pointer in pcsgetfunction(). The fix has been implemented across multiple Linux kernel versions, including fixes in Ubuntu 24.04 LTS (6.8.0-50.51), 22.04 LTS (5.15.0-125.135), and 20.04 LTS (5.4.0-200.220) (Ubuntu).