NULL Pointer Dereference Affecting kernel-uek-debug-modules-usb package, versions <0:6.12.0-102.36.5.2.el9uek


Severity

Recommended
high

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.19% (10th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE9-KERNELUEKDEBUGMODULESUSB-10783414
  • published19 Jul 2025
  • disclosed27 Dec 2024

Introduced: 27 Dec 2024

CVE-2024-56580  (opens in a new tab)
CWE-476  (opens in a new tab)

How to fix?

Upgrade Oracle:9 kernel-uek-debug-modules-usb to version 0:6.12.0-102.36.5.2.el9uek or higher.
This issue was patched in ELSA-2025-20530.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-uek-debug-modules-usb package and not the kernel-uek-debug-modules-usb package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

media: qcom: camss: fix error path on configuration of power domains

There is a chance to meet runtime issues during configuration of CAMSS power domains, because on the error path dev_pm_domain_detach() is unexpectedly called with NULL or error pointer.

One of the simplest ways to reproduce the problem is to probe CAMSS driver before registration of CAMSS power domains, for instance if a platform CAMCC driver is simply not built.

Warning backtrace example:

Unable to handle kernel NULL pointer dereference at virtual address 00000000000001a2

&lt;snip&gt;

pc : dev_pm_domain_detach+0x8/0x48 lr : camss_probe+0x374/0x9c0

&lt;snip&gt;

Call trace: dev_pm_domain_detach+0x8/0x48 platform_probe+0x70/0xf0 really_probe+0xc4/0x2a8 __driver_probe_device+0x80/0x140 driver_probe_device+0x48/0x170 __device_attach_driver+0xc0/0x148 bus_for_each_drv+0x88/0xf0 __device_attach+0xb0/0x1c0 device_initial_probe+0x1c/0x30 bus_probe_device+0xb4/0xc0 deferred_probe_work_func+0x90/0xd0 process_one_work+0x164/0x3e0 worker_thread+0x310/0x420 kthread+0x120/0x130 ret_from_fork+0x10/0x20

CVSS Base Scores

version 3.1