CVE-2024-57792: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57792 is a vulnerability discovered in the Linux kernel's power supply GPIO charger component. The issue was identified and resolved in January 2025, affecting the gpio-charger driver's charge current limit functionality. The vulnerability specifically impacts devices that allow setting the lowest charge current limit to be greater than zero (NVD).

The vulnerability occurs in the gpio-charger driver when setting charge current limits. When a requested charge current limit is below the lowest limit, the index equals currentlimitmap_size, which leads to accessing memory beyond allocated memory. This issue stems from a flaw in the charge-current-limit feature implementation, specifically identified in commit be2919d8355e (Kernel Commit).

The vulnerability could potentially lead to memory access beyond allocated boundaries in the Linux kernel's power supply subsystem, which may result in system instability or potential security implications when handling charge current limits for GPIO-based charger devices (Debian Tracker).

The issue has been fixed in multiple Linux kernel versions. Fixed versions include Linux 5.10.234-1 for Debian 11 (bullseye), 6.1.123-1 for Debian 12 (bookworm), and 6.12.17-1 for Debian sid/trixie. The fix implements a safety mechanism that defaults to the smallest current limitation when an invalid charge current limit is requested (Debian Tracker).