CVE-2024-38633
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
21/06/2024
Last modified:
04/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
serial: max3100: Update uart_driver_registered on driver removal<br />
<br />
The removal of the last MAX3100 device triggers the removal of<br />
the driver. However, code doesn&#39;t update the respective global<br />
variable and after insmod — rmmod — insmod cycle the kernel<br />
oopses:<br />
<br />
max3100 spi-PRP0001:01: max3100_probe: adding port 0<br />
BUG: kernel NULL pointer dereference, address: 0000000000000408<br />
...<br />
RIP: 0010:serial_core_register_port+0xa0/0x840<br />
...<br />
max3100_probe+0x1b6/0x280 [max3100]<br />
spi_probe+0x8d/0xb0<br />
<br />
Update the actual state so next time UART driver will be registered<br />
again.<br />
<br />
Hugo also noticed, that the error path in the probe also affected<br />
by having the variable set, and not cleared. Instead of clearing it<br />
move the assignment after the successfull uart_register_driver() call.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.30 (including) | 4.19.316 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.278 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.219 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.161 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.93 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.33 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b
- https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752
- https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec
- https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003
- https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00
- https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762
- https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72
- https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0
- https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b
- https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752
- https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec
- https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003
- https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00
- https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762
- https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72
- https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html