
CVE-2024-56629: Vulnerability in Linux (Linux kernel)

Medium
Vulnerability: CVE-2024-56629
Published: Fri Dec 27 2024 (12/27/2024, 14:51:31 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer

Due to incorrect dev->product reporting by certain devices, null pointer dereferences occur when dev->product is empty, leading to potential system crashes. This issue was found on EXCELSIOR DL37-D05 device with Loongson-LS3A6000-7A2000-DL37 motherboard.

Kernel logs:

[ 56.470885] usb 4-3: new full-speed USB device number 4 using ohci-pci
[ 56.671638] usb 4-3: string descriptor 0 read error: -22
[ 56.671644] usb 4-3: New USB device found, idVendor=056a, idProduct=0374, bcdDevice= 1.07
[ 56.671647] usb 4-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 56.678839] hid-generic 0003:056A:0374.0004: hiddev0,hidraw3: USB HID v1.10 Device [HID 056a:0374] on usb-0000:00:05.0-3/input0
[ 56.697719] CPU 2 Unable to handle kernel paging request at virtual address 0000000000000000, era == 90000000066e35c8, ra == ffff800004f98a80
[ 56.697732] Oops[#1]:
[ 56.697734] CPU: 2 PID: 2742 Comm: (udev-worker) Tainted: G OE 6.6.0-loong64-desktop #25.00.2000.015
[ 56.697737] Hardware name: Inspur CE520L2/C09901N000000000, BIOS 2.09.00 10/11/2024
[ 56.697739] pc 90000000066e35c8 ra ffff800004f98a80 tp 9000000125478000 sp 900000012547b8a0
[ 56.697741] a0 0000000000000000 a1 ffff800004818b28 a2 0000000000000000 a3 0000000000000000
[ 56.697743] a4 900000012547b8f0 a5 0000000000000000 a6 0000000000000000 a7 0000000000000000
[ 56.697745] t0 ffff800004818b2d t1 0000000000000000 t2 0000000000000003 t3 0000000000000005
[ 56.697747] t4 0000000000000000 t5 0000000000000000 t6 0000000000000000 t7 0000000000000000
[ 56.697748] t8 0000000000000000 u0 0000000000000000 s9 0000000000000000 s0 900000011aa48028
[ 56.697750] s1 0000000000000000 s2 0000000000000000 s3 ffff800004818e80 s4 ffff800004810000
[ 56.697751] s5 90000001000b98d0 s6 ffff800004811f88 s7 ffff800005470440 s8 0000000000000000
[ 56.697753] ra: ffff800004f98a80 wacom_update_name+0xe0/0x300 [wacom]
[ 56.697802] ERA: 90000000066e35c8 strstr+0x28/0x120
[ 56.697806] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
[ 56.697816] PRMD: 0000000c (PPLV0 +PIE +PWE)
[ 56.697821] EUEN: 00000000 (-FPE -SXE -ASXE -BTE)
[ 56.697827] ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)
[ 56.697831] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)
[ 56.697835] BADV: 0000000000000000
[ 56.697836] PRID: 0014d000 (Loongson-64bit, Loongson-3A6000)
[ 56.697838] Modules linked in: wacom(+) bnep bluetooth rfkill qrtr nls_iso8859_1 nls_cp437 snd_hda_codec_conexant snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore input_leds mousedev led_class joydev deepin_netmonitor(OE) fuse nfnetlink dmi_sysfs ip_tables x_tables overlay amdgpu amdxcp drm_exec gpu_sched drm_buddy radeon drm_suballoc_helper i2c_algo_bit drm_ttm_helper r8169 ttm drm_display_helper spi_loongson_pci xhci_pci cec xhci_pci_renesas spi_loongson_core hid_generic realtek gpio_loongson_64bit
[ 56.697887] Process (udev-worker) (pid: 2742, threadinfo=00000000aee0d8b4, task=00000000a9eff1f3)
[ 56.697890] Stack : 0000000000000000 ffff800004817e00 0000000000000000 0000251c00000000
[ 56.697896] 0000000000000000 00000011fffffffd 0000000000000000 0000000000000000
[ 56.697901] 0000000000000000 1b67a968695184b9 0000000000000000 90000001000b98d0
[ 56.697906] 90000001000bb8d0 900000011aa48028 0000000000000000 ffff800004f9d74c
[ 56.697911] 90000001000ba000 ffff800004f9ce58 0000000000000000 ffff800005470440
[ 56.697916] ffff800004811f88 90000001000b98d0 9000000100da2aa8 90000001000bb8d0
[ 56.697921] 0000000000000000 90000001000ba000 900000011aa48028 ffff800004f9d74c
[ 56.697926] ffff8000054704e8 90000001000bb8b8 90000001000ba000 0000000000000000
[ 56.697931] 90000001000bb8d0 ---truncated---

AI-Powered Analysis

Last updated: 06/28/2025, 06:24:47 UTC

Technical Analysis

CVE-2024-56629 is a NULL pointer dereference in the Linux kernel's Human Interface Device (HID) subsystem, in the Wacom driver (the wacom module). When a USB device's string descriptors cannot be read (the quoted log shows "string descriptor 0 read error: -22" for the device 056a:0374), dev->product is left NULL, and wacom_update_name() passed that pointer straight to strstr() while deriving the device name. The oops confirms the mechanism: the faulting instruction is in strstr+0x28, the return address is wacom_update_name+0xe0/0x300 [wacom], and the bad virtual address (BADV) is 0000000000000000. Note that the trigger is a missing (NULL) product string rather than an empty one; strstr() on an empty string returns cleanly, whereas strstr() on a NULL pointer reads from address 0 and faults. The report came from an EXCELSIOR DL37-D05 system with a Loongson-LS3A6000-7A2000-DL37 motherboard running a 6.6.0 kernel, but the defect is in generic driver code, not in the Loongson port, so any architecture running a kernel without the fix is affected. The crash occurs during device enumeration in the udev worker while the wacom module is being loaded ("wacom(+)" in the module list), so no user interaction is needed beyond attaching a device that the wacom driver binds to and whose product string cannot be read. A hostile USB peripheral that emulates such a tablet can therefore trigger it deliberately, which makes this a physical-access or malicious-device vector rather than a remote one. The result is a kernel oops that takes the system down, i.e. a denial of service against availability; nothing in the report indicates privilege escalation or code execution. No CVSS score has been assigned and there are no known exploits in the wild. The fix checks the product string before using it; kernels without that change remain vulnerable. The case is a reminder that descriptors supplied by USB devices are attacker-controlled input and must be validated before kernel drivers use them.
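An added example, not code from the page or from the kernel's wacom driver, of the strstr()-on-NULL pattern the oops describes, beside a checked version. The struct, the name-building rules and every function name here are assumptions for illustration; only the vendor and product IDs and the NULL product string come from the page's log.

```c
/* Added example (not the kernel's wacom driver code): the NULL-haystack
 * strstr() pattern behind CVE-2024-56629 and the check that avoids it.
 * The name-derivation rules are an assumption for illustration, not a
 * copy of wacom_update_name(). */
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the fields wacom_update_name() reads from
 * struct usb_device. product is NULL when the string descriptor could not
 * be read (the page's log shows "string descriptor 0 read error: -22"). */
struct fake_usb_device {
	unsigned short idVendor;
	unsigned short idProduct;
	const char *product;   /* may be NULL: never assume it is set */
};

/* Vulnerable shape: strstr() with a NULL haystack dereferences address 0,
 * exactly the BADV: 0000000000000000 fault in the page's oops.
 * Calling this with dev->product == NULL crashes the caller. */
int product_mentions_wacom_unchecked(const struct fake_usb_device *dev)
{
	return strstr(dev->product, "Wacom") != NULL ||
	       strstr(dev->product, "wacom") != NULL ||
	       strstr(dev->product, "WACOM") != NULL;
}

/* Hardened shape: a missing product string simply "does not mention
 * Wacom"; the unchecked search is only reached with a valid pointer. */
int product_mentions_wacom(const struct fake_usb_device *dev)
{
	if (!dev->product)
		return 0;
	return product_mentions_wacom_unchecked(dev);
}

/* Build a device name that always succeeds, falling back to the numeric
 * IDs when the product string is missing or empty. */
void wacom_build_name(const struct fake_usb_device *dev, char *buf, size_t len)
{
	if (product_mentions_wacom(dev))
		snprintf(buf, len, "%s", dev->product);
	else if (dev->product && dev->product[0])
		snprintf(buf, len, "Wacom %s", dev->product);
	else
		snprintf(buf, len, "Wacom %04hX:%04hX", dev->idVendor, dev->idProduct);
}

/* Convenience wrapper returning a static buffer (demonstration only,
 * not thread-safe). */
const char *wacom_name_for(unsigned short vid, unsigned short pid,
			   const char *product)
{
	static char buf[64];
	const struct fake_usb_device dev = { vid, pid, product };

	wacom_build_name(&dev, buf, sizeof buf);
	return buf;
}

int main(void)
{
	/* Constructed device mirroring the page's log: VID 056a, PID 0374,
	 * product string unreadable, so the pointer is NULL. */
	printf("%s\n", wacom_name_for(0x056a, 0x0374, NULL));
	printf("%s\n", wacom_name_for(0x056a, 0x0374, "Wacom Intuos"));
	printf("%s\n", wacom_name_for(0x056a, 0x0374, "Intuos Pro"));
	return 0;
}
```

The point of the two functions side by side is that the difference is a single pointer test: the kernel's string helpers do not tolerate NULL, so any field populated from device-supplied descriptors has to be checked at the point of use or given a safe default at the point of assignment.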

Potential Impact

For European organizations, the primary impact of CVE-2024-56629 is denial of service on Linux systems that run an affected kernel and load the wacom HID driver. A crash during device enumeration takes down the whole host, which disrupts operations wherever Linux is used for workstations, critical infrastructure, or embedded systems that accept USB HID devices. Sectors that rely on Linux workstations with Wacom tablets or similar input devices, such as graphic design, digital content creation, and some manufacturing environments, are the most likely to see crashes in normal use. Organizations running Loongson-based hardware, which is uncommon but present in some specialized or research settings, match the reporting platform directly, although the defect is not specific to that architecture. An attacker needs physical access or a way to introduce a malicious USB device; a device that presents itself as a Wacom tablet with unreadable string descriptors can crash the host on every insertion, causing repeated downtime. The report gives no indication of remote code execution or privilege escalation, but forced reboots can still be useful to an attacker as a way to disrupt services, clear volatile evidence, or delay incident response. The absence of known exploits lowers the immediate risk, yet unpatched systems remain exposed to both accidental triggering by faulty hardware and deliberate triggering.

Mitigation Recommendations

To mitigate CVE-2024-56629, European organizations should update Linux kernels to versions that include the fix for the Wacom HID driver, either through the latest stable kernel releases or through vendor-provided security updates. Start with an inventory: identify systems running affected kernel versions and check whether the wacom module is loaded or available for automatic loading, since only hosts that bind that driver can reach the faulting code path. On hosts that never use Wacom hardware, preventing the wacom module from auto-loading removes the affected code path until a patched kernel is deployed. Where updates cannot be applied immediately, USB device control policies that restrict or monitor the connection of untrusted USB HID devices reduce exposure, as do endpoint controls that block unauthorized devices or flag anomalous device behavior. For Loongson-based platforms, apply firmware and kernel updates promptly. Administrators should also review udev rules and device-handling configuration to limit what happens automatically when a device with malformed or unreadable descriptors is attached. Kernel logs are the practical detection source: a "string descriptor 0 read error" for a new USB device followed by an oops at virtual address 0 with wacom_update_name in the trace is the signature of this defect, and repeated occurrences on one host point to either a faulty peripheral or deliberate triggering. Finally, remind staff that unknown USB devices must not be connected to production systems.
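An added example, not from the page or from any kernel tooling, of the log check described above: a small scanner that counts oops records matching this defect's signature. The decisive lines in the sample log are copied from the oops quoted in the description; the benign second log, the timestamps outside the page's range and the symbol name in it are constructed.

```c
/* Added example (not from the page or the kernel): scan a kernel log for
 * the CVE-2024-56629 signature, a paging fault at virtual address 0 whose
 * trace includes wacom_update_name. The sample logs are constructed; the
 * matching lines are taken from the oops quoted on the page. */
#include <stdio.h>
#include <string.h>

/* Indicators, all taken from the log in the description. */
static const char PAGING_FAULT_AT_ZERO[] =
	"Unable to handle kernel paging request at virtual address 0000000000000000";
static const char WACOM_FRAME[] = "wacom_update_name";
static const char STRING_DESC_ERROR[] = "string descriptor 0 read error";

struct scan_result {
	int null_deref_oops;    /* paging faults at address 0 */
	int wacom_name_oops;    /* ... whose trace includes wacom_update_name */
	int string_desc_errors; /* devices whose product string could not be read */
};

/* Walk the log line by line. A fault at address 0 opens a window; a
 * wacom_update_name frame seen before the next fault closes it as a hit. */
struct scan_result scan_kernel_log(const char *log)
{
	struct scan_result r = { 0, 0, 0 };
	int pending = 0;
	const char *p = log;

	while (*p) {
		const char *nl = strchr(p, '\n');
		size_t len = nl ? (size_t)(nl - p) : strlen(p);
		char line[512];

		if (len >= sizeof line)
			len = sizeof line - 1;   /* truncate over-long lines */
		memcpy(line, p, len);
		line[len] = '\0';

		if (strstr(line, STRING_DESC_ERROR))
			r.string_desc_errors++;
		if (strstr(line, PAGING_FAULT_AT_ZERO)) {
			r.null_deref_oops++;
			pending = 1;
		} else if (pending && strstr(line, WACOM_FRAME)) {
			r.wacom_name_oops++;
			pending = 0;
		}
		p = nl ? nl + 1 : p + strlen(p);
	}
	return r;
}

/* Convenience predicate for alerting. */
int looks_like_cve_2024_56629(const char *log)
{
	return scan_kernel_log(log).wacom_name_oops > 0;
}

/* Constructed sample: the relevant lines from the page's log. */
static const char SAMPLE_LOG[] =
	"[ 56.470885] usb 4-3: new full-speed USB device number 4 using ohci-pci\n"
	"[ 56.671638] usb 4-3: string descriptor 0 read error: -22\n"
	"[ 56.671644] usb 4-3: New USB device found, idVendor=056a, idProduct=0374, bcdDevice= 1.07\n"
	"[ 56.697719] CPU 2 Unable to handle kernel paging request at virtual address 0000000000000000, era == 90000000066e35c8, ra == ffff800004f98a80\n"
	"[ 56.697732] Oops[#1]:\n"
	"[ 56.697753] ra: ffff800004f98a80 wacom_update_name+0xe0/0x300 [wacom]\n"
	"[ 56.697802] ERA: 90000000066e35c8 strstr+0x28/0x120\n"
	"[ 56.697835] BADV: 0000000000000000\n";

/* Constructed benign sample: a NULL dereference elsewhere (hypothetical
 * symbol name), which must not be attributed to this CVE. */
static const char OTHER_LOG[] =
	"[ 120.000001] CPU 0 Unable to handle kernel paging request at virtual address 0000000000000000, era == 9000000001234567, ra == 9000000001234568\n"
	"[ 120.000002] Oops[#1]:\n"
	"[ 120.000003] ra: 9000000001234568 some_other_probe+0x40/0x100 [other]\n";

int main(void)
{
	struct scan_result r = scan_kernel_log(SAMPLE_LOG);

	printf("descriptor errors=%d null-deref oops=%d wacom_update_name oops=%d\n",
	       r.string_desc_errors, r.null_deref_oops, r.wacom_name_oops);
	printf("sample matches CVE-2024-56629: %s\n",
	       looks_like_cve_2024_56629(SAMPLE_LOG) ? "yes" : "no");
	printf("other log matches CVE-2024-56629: %s\n",
	       looks_like_cve_2024_56629(OTHER_LOG) ? "yes" : "no");
	return 0;
}
```

Feed it the output of dmesg or the journal's kernel messages. The symbol match only works when the oops is printed with symbol names, as it is on the page; on a kernel without symbol resolution, fall back to the address-0 fault count plus the preceding "string descriptor 0 read error" for the same USB port, which the string_desc_errors counter tracks.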


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-27T14:03:06.018Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9822c4522896dcbde3e4

Added to database: 5/21/2025, 9:08:50 AM

Last enriched: 6/28/2025, 6:24:47 AM

Last updated: 8/9/2025, 2:07:49 PM
