- Vulnerability/
- CVE-2024-38634
CVE-2024-38634: serial: max3100: Lock port->lock when calling uart_handle_cts_change()
First published: Fri Jun 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Lock port->lock when calling uart_handle_cts_change() uart_handle_cts_change() has to be called with port lock taken, Since we run it in a separate work, the lock may not be taken at the time of running. Make sure that it's taken by explicitly doing that. Without it we got a splat: WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0 ... Workqueue: max3100-0 max3100_work [max3100] RIP: 0010:uart_handle_cts_change+0xa6/0xb0 ... max3100_handlerx+0xc5/0x110 [max3100] max3100_work+0x12a/0x340 [max3100]
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.16-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9
- https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47
- https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba
- https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec
- https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869
- https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458
- https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94
- https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30
- https://launchpad.net/bugs/cve/CVE-2024-38634
- https://git.kernel.org/linus/77ab53371a2066fdf9b895246505f5ef5a4b5d47
- https://security-tracker.debian.org/tracker/CVE-2024-38634
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38634
- https://nvd.nist.gov/vuln/detail/CVE-2024-38634
- https://ubuntu.com/security/CVE-2024-38634
Frequently Asked Questions
What is the severity of CVE-2024-38634?
The severity of CVE-2024-38634 is not specifically rated but it affects the Linux kernel, which can have significant implications for system stability and security.
How do I fix CVE-2024-38634?
To fix CVE-2024-38634, ensure you update to an unaffected version of the Linux kernel, specifically to versions 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.119-1, 6.12.10-1, or 6.12.11-1.
What causes the vulnerability CVE-2024-38634?
CVE-2024-38634 is caused by the lack of proper locking when calling the uart_handle_cts_change() function, which can lead to race conditions.
Which systems are affected by CVE-2024-38634?
Systems running specific versions of the Linux kernel are affected by CVE-2024-38634, particularly those using the max3100 serial driver.
Is there a known exploit for CVE-2024-38634?
As of now, there are no publicly known exploits specifically targeting CVE-2024-38634 reported.
- agent/title
- agent/severity
- agent/type
- collector/nvd-api
- source/NVD
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/references
- agent/description
- agent/event
- collector/nvd-cve
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- package-manager/debian