CVE-2024-58011: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-58011 affects the Linux kernel's platform/x86 int3472 driver. The vulnerability was discovered and disclosed on February 26, 2025, and involves a potential NULL pointer dereference in the skl_int3472_get_acpi_buffer() function. The issue occurs when devices lack an ACPI companion fwnode, which can happen when users manually bind int3472 drivers to another i2c/platform device through sysfs (NVD).

The vulnerability is a NULL pointer dereference issue in the Linux kernel's int3472 driver. It has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The technical root cause is that the code did not properly check if the ACPI device (adev) pointer was NULL before accessing it in the skl_int3472_get_acpi_buffer() function (NVD).

If exploited, this vulnerability could lead to a NULL pointer dereference in the kernel, potentially causing a system crash. The impact is limited to availability (denial of service) with no direct effects on confidentiality or integrity (NVD).

The vulnerability has been patched by adding a check for adev being NULL and returning -ENODEV in that case. The fix has been implemented in multiple kernel versions through various patches (Kernel Patch).