CVE-2024-38633: serial: max3100: Update uart_driver_registered on driver removal
First published: Fri Jun 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of the driver. However, code doesn't update the respective global variable and after insmod — rmmod — insmod cycle the kernel oopses: max3100 spi-PRP0001:01: max3100_probe: adding port 0 BUG: kernel NULL pointer dereference, address: 0000000000000408 ... RIP: 0010:serial_core_register_port+0xa0/0x840 ... max3100_probe+0x1b6/0x280 [max3100] spi_probe+0x8d/0xb0 Update the actual state so next time UART driver will be registered again. Hugo also noticed, that the error path in the probe also affected by having the variable set, and not cleared. Instead of clearing it move the assignment after the successfull uart_register_driver() call.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=2.6.30<4.19.316 | |
| Linux Linux kernel | >=4.20<5.4.278 | |
| Linux Linux kernel | >=5.5<5.10.219 | |
| Linux Linux kernel | >=5.11<5.15.161 | |
| Linux Linux kernel | >=5.16<6.1.93 | |
| Linux Linux kernel | >=6.2<6.6.33 | |
| Linux Linux kernel | >=6.7<6.9.4 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b
- https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003
- https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72
- https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752
- https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00
- https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762
- https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0
- https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec
- https://launchpad.net/bugs/cve/CVE-2024-38633
- https://git.kernel.org/linus/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec
- https://security-tracker.debian.org/tracker/CVE-2024-38633
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38633
- https://nvd.nist.gov/vuln/detail/CVE-2024-38633
- https://ubuntu.com/security/CVE-2024-38633
- agent/title
- agent/weakness
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/nvd-cve
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6.30
- version/linux linux kernel/4.20
- version/linux linux kernel/5.5
- version/linux linux kernel/5.11
- version/linux linux kernel/5.16
- version/linux linux kernel/6.2
- version/linux linux kernel/6.7
- package-manager/debian