CVE-2024-46691
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-46691 is a vulnerability in the Linux kernel that affects the UCSI (USB Type-C Connector System Software Interface) functionality. A change in the handling of the pmic_glink client list results in the ucsi_unregister() function being called from an atomic context, potentially leading to a NULL pointer dereference if the communication link with a remote processor is lost. To remediate this vulnerability, organizations should apply the patches provided in the referenced commits to ensure that unregistration is handled outside of atomic contexts. The vulnerability is rated medium severity with a potential availability impact, meaning it could disrupt system operations without requiring user interaction. The exploitability score is low, indicating that it can be exploited locally by users with minimal privileges.