CVE-2024-38563 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature

Without this commit, reading chip temperature will cause memory leakage.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

No data.

Advisories

Source	ID	Title
Ubuntu USN	USN-6949-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6949-2	Linux kernel vulnerabilities
Ubuntu USN	USN-6952-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6955-1	Linux kernel (OEM) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/474b9412f33be87076b40a49756662594598a85e
https://git.kernel.org/stable/c/84e81f9b4818b8efe89beb12a246d5d510631939
https://git.kernel.org/stable/c/ef46dbb93fc9279fb7de883aac22abffe214e6b5
https://lore.kernel.org/linux-cve-announce/2024061954-CVE-2024-38563-2c2e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-38563
https://www.cve.org/CVERecord?id=CVE-2024-38563

History

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-19T13:35:31.551Z

Updated: 2025-05-04T09:14:11.135Z

Reserved: 2024-06-18T19:36:34.922Z

Link: CVE-2024-38563

Vulnrichment

Updated: 2024-08-02T04:12:26.045Z

NVD

Status : Modified

Published: 2024-06-19T14:15:16.480

Modified: 2024-11-21T09:26:21.400

Link: CVE-2024-38563

Redhat

Severity : Low

Publid Date: 2024-06-19T00:00:00Z

Links: CVE-2024-38563 - Bugzilla

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38563", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.922Z", "datePublished": "2024-06-19T13:35:31.551Z", "dateUpdated": "2025-05-04T09:14:11.135Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:14:11.135Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: fix potential memory leakage when reading chip temperature\n\nWithout this commit, reading chip temperature will cause memory leakage."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7996/mcu.c"], "versions": [{"version": "6879b2e94172ed80394dd49d410814ad427d1ca0", "lessThan": "84e81f9b4818b8efe89beb12a246d5d510631939", "status": "affected", "versionType": "git"}, {"version": "6879b2e94172ed80394dd49d410814ad427d1ca0", "lessThan": "ef46dbb93fc9279fb7de883aac22abffe214e6b5", "status": "affected", "versionType": "git"}, {"version": "6879b2e94172ed80394dd49d410814ad427d1ca0", "lessThan": "474b9412f33be87076b40a49756662594598a85e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7996/mcu.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.12", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.3", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.8.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.9.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/84e81f9b4818b8efe89beb12a246d5d510631939"}, {"url": "https://git.kernel.org/stable/c/ef46dbb93fc9279fb7de883aac22abffe214e6b5"}, {"url": "https://git.kernel.org/stable/c/474b9412f33be87076b40a49756662594598a85e"}], "title": "wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:26.045Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/84e81f9b4818b8efe89beb12a246d5d510631939", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ef46dbb93fc9279fb7de883aac22abffe214e6b5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/474b9412f33be87076b40a49756662594598a85e", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38563", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:14:34.739415Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:56.761Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/84e81f9b4818b8efe89beb12a246d5d510631939", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ef46dbb93fc9279fb7de883aac22abffe214e6b5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/474b9412f33be87076b40a49756662594598a85e", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:26.045Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38563", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:14:34.739415Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:27.055Z"}}], "cna": {"title": "wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6879b2e94172ed80394dd49d410814ad427d1ca0", "lessThan": "84e81f9b4818b8efe89beb12a246d5d510631939", "versionType": "git"}, {"status": "affected", "version": "6879b2e94172ed80394dd49d410814ad427d1ca0", "lessThan": "ef46dbb93fc9279fb7de883aac22abffe214e6b5", "versionType": "git"}, {"status": "affected", "version": "6879b2e94172ed80394dd49d410814ad427d1ca0", "lessThan": "474b9412f33be87076b40a49756662594598a85e", "versionType": "git"}], "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7996/mcu.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.8"}, {"status": "unaffected", "version": "0", "lessThan": "6.8", "versionType": "semver"}, {"status": "unaffected", "version": "6.8.12", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9.3", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7996/mcu.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/84e81f9b4818b8efe89beb12a246d5d510631939"}, {"url": "https://git.kernel.org/stable/c/ef46dbb93fc9279fb7de883aac22abffe214e6b5"}, {"url": "https://git.kernel.org/stable/c/474b9412f33be87076b40a49756662594598a85e"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: fix potential memory leakage when reading chip temperature\n\nWithout this commit, reading chip temperature will cause memory leakage."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.12", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.3", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "6.8"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:14:11.135Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38563", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:14:11.135Z", "dateReserved": "2024-06-18T19:36:34.922Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-19T13:35:31.551Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "32F3B5DB-BFED-4D0E-86BB-2B6ECB1CEFB9", "versionEndExcluding": "6.8.12", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011", "versionEndExcluding": "6.9.3", "versionStartIncluding": "6.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: fix potential memory leakage when reading chip temperature\n\nWithout this commit, reading chip temperature will cause memory leakage."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: mt76: mt7996: corrige una posible p\u00e9rdida de memoria al leer la temperatura del chip Sin esta confirmaci\u00f3n, la lectura de la temperatura del chip provocar\u00e1 una p\u00e9rdida de memoria."}], "id": "CVE-2024-38563", "lastModified": "2024-11-21T09:26:21.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-19T14:15:16.480", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/474b9412f33be87076b40a49756662594598a85e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/84e81f9b4818b8efe89beb12a246d5d510631939"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ef46dbb93fc9279fb7de883aac22abffe214e6b5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/474b9412f33be87076b40a49756662594598a85e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/84e81f9b4818b8efe89beb12a246d5d510631939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ef46dbb93fc9279fb7de883aac22abffe214e6b5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}