Stay Connected:

CVE-2024-38633

CVE Details

Release Date:2024-06-21

Description


In the Linux kernel, the following vulnerability has been resolved:\nserial: max3100: Update uart_driver_registered on driver removal\nThe removal of the last MAX3100 device triggers the removal of\nthe driver. However, code doesn't update the respective global\nvariable and after insmod -- rmmod -- insmod cycle the kernel\noopses:\nmax3100 spi-PRP0001:01: max3100_probe: adding port 0\nBUG: kernel NULL pointer dereference, address: 0000000000000408\n...\nRIP: 0010:serial_core_register_port+0xa0/0x840\n...\nmax3100_probe+0x1b6/0x280 [max3100]\nspi_probe+0x8d/0xb0\nUpdate the actual state so next time UART driver will be registered\nagain.\nHugo also noticed, that the error path in the probe also affected\nby having the variable set, and not cleared. Instead of clearing it\nmove the assignment after the successfull uart_register_driver() call.

See more information about CVE-2024-38633 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 4.4 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network Attack Complexity: Low
Privileges Required: High User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (kernel-uek)ELSA-2024-125812024-08-12
Oracle Linux version 7 (kernel-uek)ELSA-2024-126112024-09-11
Oracle Linux version 7 (kernel-uek-container)ELSA-2024-125852024-08-12
Oracle Linux version 8 (kernel-uek)ELSA-2024-125812024-08-12
Oracle Linux version 8 (kernel-uek-container)ELSA-2024-125842024-08-12


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights