CVE-2024-38633

CVE Details

Release Date:	2024-06-21
Impact:	Moderate	What is this?

Description

In the Linux kernel, the following vulnerability has been resolved:\nserial: max3100: Update uart_driver_registered on driver removal\nThe removal of the last MAX3100 device triggers the removal of\nthe driver. However, code doesn't update the respective global\nvariable and after insmod -- rmmod -- insmod cycle the kernel\noopses:\nmax3100 spi-PRP0001:01: max3100_probe: adding port 0\nBUG: kernel NULL pointer dereference, address: 0000000000000408\n...\nRIP: 0010:serial_core_register_port+0xa0/0x840\n...\nmax3100_probe+0x1b6/0x280 [max3100]\nspi_probe+0x8d/0xb0\nUpdate the actual state so next time UART driver will be registered\nagain.\nHugo also noticed, that the error path in the probe also affected\nby having the variable set, and not cleared. Instead of clearing it\nmove the assignment after the successfull uart_register_driver() call.

See more information about CVE-2024-38633 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	4.4
Vector String:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Version:	3.1
Attack Vector:	Local
Attack Complexity:	Low
Privileges Required:	High
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	None
Integrity Impact:	None
Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12581	2024-08-12
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12611	2024-09-11
Oracle Linux version 7 (kernel-uek-container)	ELSA-2024-12585	2024-08-12
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12581	2024-08-12
Oracle Linux version 8 (kernel-uek-container)	ELSA-2024-12584	2024-08-12