Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of the driver. However, code doesn't update the respective global variable and after insmod — rmmod — insmod cycle the kernel oopses: max3100 spi-PRP0001:01: max3100_probe: adding port 0 BUG: kernel NULL pointer dereference, address: 0000000000000408 ... RIP: 0010:serial_core_register_port+0xa0/0x840 ... max3100_probe+0x1b6/0x280 [max3100] spi_probe+0x8d/0xb0 Update the actual state so next time UART driver will be registered again. Hugo also noticed, that the error path in the probe also affected by having the variable set, and not cleared. Instead of clearing it move the assignment after the successfull uart_register_driver() call.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.30, < 4.19.316 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8bPatch
- https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752Patch
- https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ecPatch
- https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003Patch
- https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00Patch
- https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762Patch
- https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72Patch
- https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0Patch
- https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8bPatch
- https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752Patch
- https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ecPatch
- https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003Patch
- https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00Patch
- https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762Patch
- https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72Patch
FAQ
What is CVE-2024-38633?
CVE-2024-38633 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of th...
How severe is CVE-2024-38633?
CVE-2024-38633 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-38633?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.