CVE-2024-57944: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57944 affects the Linux kernel's Industrial I/O (IIO) subsystem, specifically in the TI-ADS1298 ADC driver. The vulnerability was discovered and disclosed on January 21, 2025. The issue involves a missing NULL pointer check in the ads1298init function where devmkasprintf() can return a NULL pointer on failure, but the return value is not properly validated (NVD, Debian Tracker).

The vulnerability exists in the Linux kernel's ti-ads1298 driver, where the ads1298init function fails to check the return value of devmkasprintf(). This function can return NULL on failure, and without proper validation, it could lead to a NULL pointer dereference. The issue has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-476 (NULL Pointer Dereference) (NVD).

The vulnerability could lead to a NULL pointer dereference, potentially causing system crashes or denial of service conditions. The impact is limited to systems using the TI-ADS1298 ADC driver in the Linux kernel. The CVSS score indicates that while the vulnerability requires local access and low privileges, it could result in high availability impact (NVD).

The vulnerability has been patched by adding a NULL check in the ads1298init function. The fix involves adding a validation check for the return value of devmkasprintf() and returning -ENOMEM if the allocation fails. The patch has been committed to the Linux kernel (Kernel Patch, Upstream Patch).