
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability in the Linux kernel's StarFive JH7110 reset driver has been identified and assigned CVE-2024-50137. The issue was discovered in the reset controller functionality for the JH7110 SoC, specifically related to accessing an empty member in the data structure. This vulnerability affects Linux kernel versions from 6.4 up to (excluding) 6.11.6, as well as versions 6.12-rc1 through 6.12-rc3 (NVD).
The vulnerability stems from a NULL pointer access in the StarFive JH7110 reset driver. The issue occurs because data->asserted is NULL on the JH7110 SoC, a condition that has existed since commit 82327b127d41 ("reset: starfive: Add StarFive JH7110 reset driver") was added. The CVSS v3.1 base score is 5.5 (MEDIUM) with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
When exploited, this vulnerability could lead to errors when calling reset_control_status on JH7110 SoC, potentially causing system instability or denial of service conditions due to improper handling of NULL pointer access (Kernel Patch).
A fix has been implemented through a patch that adds a judgment condition to avoid errors when calling reset_control_status on JH7110 SoC. The patch has been merged into the Linux kernel and is available in newer versions. Users are advised to update their systems to patched versions (Kernel Patch).
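A version check for the ranges listed above, as an added example that is not part of the original advisory or of the kernel project. The function names are hypothetical, and the check compares upstream version numbers only, so a vendor kernel carrying a backported fix can still match and should be confirmed against the vendor's own advisory.

```python
import re

# Upstream ranges listed on this page:
#   6.4 <= version < 6.11.6, and 6.12-rc1 through 6.12-rc3.
FINAL = float("inf")  # sort key: a final release orders after its -rc builds
_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def version_key(release):
    """Turn a `uname -r` style string into a sortable (major, minor, patch, rc) key."""
    m = _RELEASE.match(release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    rc = int(m.group(4)) if m.group(4) else FINAL
    return (major, minor, patch, rc)


def in_listed_range(release):
    """True if the upstream version number falls in a range listed for CVE-2024-50137."""
    key = version_key(release)
    stable = (6, 4, 0, FINAL) <= key < (6, 11, 6, FINAL)
    prerelease = (6, 12, 0, 1) <= key <= (6, 12, 0, 3)
    return stable or prerelease


if __name__ == "__main__":
    # Constructed sample release strings, not taken from any real host.
    for sample in ("6.3.13", "6.4", "6.8.0-45-generic", "6.11.5",
                   "6.11.6", "6.12.0-rc2+", "6.12-rc4", "6.12"):
        print(f"{sample:20} listed range: {in_listed_range(sample)}")
```

On a running system the input would be the output of `uname -r`; the affected driver is only exercised on JH7110 SoC hardware.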
Source: This report was generated using AI