{"id":"DEBIAN-CVE-2024-49941","details":"In the Linux kernel, the following vulnerability has been resolved:  gpiolib: Fix potential NULL pointer dereference in gpiod_get_label()  In `gpiod_get_label()`, it is possible that `srcu_dereference_check()` may return a NULL pointer, leading to a scenario where `label-\u003estr` is accessed without verifying if `label` itself is NULL.  This patch adds a proper NULL check for `label` before accessing `label-\u003estr`. The check for `label-\u003estr != NULL` is removed because `label-\u003estr` can never be NULL if `label` is not NULL.  This fixes the issue where the label name was being printed as `(efault)` when dumping the sysfs GPIO file when `label == NULL`.","modified":"2025-11-19T01:01:59.954040Z","published":"2024-10-21T18:15:15.780Z","upstream":["CVE-2024-49941"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2024-49941"}],"affected":[{"package":{"name":"linux","ecosystem":"Debian:13","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.11.4-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-49941.json"}},{"package":{"name":"linux","ecosystem":"Debian:14","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.11.4-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-49941.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}