CVE-2024-46693: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46693 affects the Linux kernel's PMIC GLINK driver implementation. The vulnerability was discovered in the initialization process of pmic_glink child drivers, where a race condition can occur during client registration. The issue affects Linux kernel versions from 6.3 up to (excluding) 6.6.49, and from 6.7 up to (excluding) 6.10.8, as well as several 6.11 release candidates (NVD).

The vulnerability stems from a race condition where the protection-domain notifier can fire and schedule associated work before the client registration returns, leading to a NULL pointer dereference. The issue occurs because the 'client' pointer is blindly dereferenced before initialization is complete. This vulnerability became more prevalent after the introduction of commit '1ebcde047c54' which added pd-mapper implementation (Kernel Patch). The CVSS v3.1 base score is 4.7 (Medium) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability results in a NULL pointer dereference, which can lead to a denial of service condition in the affected system. The issue affects multiple child drivers including altmode, battery manager, and UCSI drivers (Kernel Patch).

The vulnerability has been patched by splitting the allocation of the 'client' object and its registration into two separate operations. The fix involves replacing the devmpmicglinkregisterclient function with two new functions: devmpmicglinkclientalloc and pmicglinkclient_register (Kernel Patch). Users should update to Linux kernel versions 6.6.49, 6.10.8, or later to address this vulnerability.