{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-38633", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.947Z", "datePublished": "2024-06-21T10:18:22.905Z", "dateUpdated": "2024-08-02T04:12:26.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:49:28.693Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Update uart_driver_registered on driver removal\n\nThe removal of the last MAX3100 device triggers the removal of\nthe driver. However, code doesn't update the respective global\nvariable and after insmod \u2014 rmmod \u2014 insmod cycle the kernel\noopses:\n\n max3100 spi-PRP0001:01: max3100_probe: adding port 0\n BUG: kernel NULL pointer dereference, address: 0000000000000408\n ...\n RIP: 0010:serial_core_register_port+0xa0/0x840\n ...\n max3100_probe+0x1b6/0x280 [max3100]\n spi_probe+0x8d/0xb0\n\nUpdate the actual state so next time UART driver will be registered\nagain.\n\nHugo also noticed, that the error path in the probe also affected\nby having the variable set, and not cleared. Instead of clearing it\nmove the assignment after the successfull uart_register_driver() call."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tty/serial/max3100.c"], "versions": [{"version": "7831d56b0a35", "lessThan": "21a61a7fbcfd", "status": "affected", "versionType": "git"}, {"version": "7831d56b0a35", "lessThan": "9db4222ed8cd", "status": "affected", "versionType": "git"}, {"version": "7831d56b0a35", "lessThan": "e8e2a4339dec", "status": "affected", "versionType": "git"}, {"version": "7831d56b0a35", "lessThan": "361a92c9038e", "status": "affected", "versionType": "git"}, {"version": "7831d56b0a35", "lessThan": "b6eb7aff23e0", "status": "affected", "versionType": "git"}, {"version": "7831d56b0a35", "lessThan": "e8a10089eddb", "status": "affected", "versionType": "git"}, {"version": "7831d56b0a35", "lessThan": "fa84ca78b048", "status": "affected", "versionType": "git"}, {"version": "7831d56b0a35", "lessThan": "712a1fcb38dc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tty/serial/max3100.c"], "versions": [{"version": "2.6.30", "status": "affected"}, {"version": "0", "lessThan": "2.6.30", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.316", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.278", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.219", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.93", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.4", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b"}, {"url": "https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003"}, {"url": "https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72"}, {"url": "https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752"}, {"url": "https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00"}, {"url": "https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762"}, {"url": "https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0"}, {"url": "https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec"}], "title": "serial: max3100: Update uart_driver_registered on driver removal", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-24T15:15:33.848896Z", "id": "CVE-2024-38633", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T15:15:44.451Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:26.000Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38633", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-24T15:15:33.848896Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T15:15:39.679Z"}}], "cna": {"title": "serial: max3100: Update uart_driver_registered on driver removal", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "7831d56b0a35", "lessThan": "21a61a7fbcfd", "versionType": "git"}, {"status": "affected", "version": "7831d56b0a35", "lessThan": "9db4222ed8cd", "versionType": "git"}, {"status": "affected", "version": "7831d56b0a35", "lessThan": "e8e2a4339dec", "versionType": "git"}, {"status": "affected", "version": "7831d56b0a35", "lessThan": "361a92c9038e", "versionType": "git"}, {"status": "affected", "version": "7831d56b0a35", "lessThan": "b6eb7aff23e0", "versionType": "git"}, {"status": "affected", "version": "7831d56b0a35", "lessThan": "e8a10089eddb", "versionType": "git"}, {"status": "affected", "version": "7831d56b0a35", "lessThan": "fa84ca78b048", "versionType": "git"}, {"status": "affected", "version": "7831d56b0a35", "lessThan": "712a1fcb38dc", "versionType": "git"}], "programFiles": ["drivers/tty/serial/max3100.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.30"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.30", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.316", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.278", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.219", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.161", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.93", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.33", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.4", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/tty/serial/max3100.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b"}, {"url": "https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003"}, {"url": "https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72"}, {"url": "https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752"}, {"url": "https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00"}, {"url": "https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762"}, {"url": "https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0"}, {"url": "https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Update uart_driver_registered on driver removal\n\nThe removal of the last MAX3100 device triggers the removal of\nthe driver. However, code doesn't update the respective global\nvariable and after insmod \u2014 rmmod \u2014 insmod cycle the kernel\noopses:\n\n max3100 spi-PRP0001:01: max3100_probe: adding port 0\n BUG: kernel NULL pointer dereference, address: 0000000000000408\n ...\n RIP: 0010:serial_core_register_port+0xa0/0x840\n ...\n max3100_probe+0x1b6/0x280 [max3100]\n spi_probe+0x8d/0xb0\n\nUpdate the actual state so next time UART driver will be registered\nagain.\n\nHugo also noticed, that the error path in the probe also affected\nby having the variable set, and not cleared. Instead of clearing it\nmove the assignment after the successfull uart_register_driver() call."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:49:28.693Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38633", "state": "PUBLISHED", "dateUpdated": "2024-07-15T06:49:28.693Z", "dateReserved": "2024-06-18T19:36:34.947Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-21T10:18:22.905Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "229013CC-BC60-4AD0-B3A5-1E549CE791F5", "versionEndExcluding": "4.19.316", "versionStartIncluding": "2.6.30", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FDBF235-DA18-49A1-8690-6C7272FD0701", "versionEndExcluding": "5.4.278", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9", "versionEndExcluding": "5.10.219", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2", "versionEndExcluding": "5.15.161", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667", "versionEndExcluding": "6.1.93", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E", "versionEndExcluding": "6.6.33", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627", "versionEndExcluding": "6.9.4", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Update uart_driver_registered on driver removal\n\nThe removal of the last MAX3100 device triggers the removal of\nthe driver. However, code doesn't update the respective global\nvariable and after insmod \u2014 rmmod \u2014 insmod cycle the kernel\noopses:\n\n max3100 spi-PRP0001:01: max3100_probe: adding port 0\n BUG: kernel NULL pointer dereference, address: 0000000000000408\n ...\n RIP: 0010:serial_core_register_port+0xa0/0x840\n ...\n max3100_probe+0x1b6/0x280 [max3100]\n spi_probe+0x8d/0xb0\n\nUpdate the actual state so next time UART driver will be registered\nagain.\n\nHugo also noticed, that the error path in the probe also affected\nby having the variable set, and not cleared. Instead of clearing it\nmove the assignment after the successfull uart_register_driver() call."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: max3100: actualizaci\u00f3n uart_driver_registered al eliminar el controlador La eliminaci\u00f3n del \u00faltimo dispositivo MAX3100 desencadena la eliminaci\u00f3n del controlador. Sin embargo, el c\u00f3digo no actualiza la variable global respectiva y despu\u00e9s del ciclo insmod \u2014 rmmod \u2014 insmod, el kernel falla: max3100 spi-PRP0001:01: max3100_probe: agregando el puerto 0 ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000408... RIP: 0010:serial_core_register_port+0xa0/0x840 ... max3100_probe+0x1b6/0x280 [max3100] spi_probe+0x8d/0xb0 Actualice el estado actual para que la pr\u00f3xima vez el controlador UART se registre nuevamente. Hugo tambi\u00e9n not\u00f3 que la ruta de error en la sonda tambi\u00e9n se ve\u00eda afectada por tener la variable configurada y no borrada. En lugar de borrarlo, mueva la asignaci\u00f3n despu\u00e9s de la llamada exitosa a uart_register_driver()."}], "id": "CVE-2024-38633", "lastModified": "2024-09-09T13:53:54.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-21T11:15:12.053", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: serial: max3100: Update uart_driver_registered on driver removal", "id": "2293695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293695"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nserial: max3100: Update uart_driver_registered on driver removal\nThe removal of the last MAX3100 device triggers the removal of\nthe driver. However, code doesn't update the respective global\nvariable and after insmod \u2014 rmmod \u2014 insmod cycle the kernel\noopses:\nmax3100 spi-PRP0001:01: max3100_probe: adding port 0\nBUG: kernel NULL pointer dereference, address: 0000000000000408\n...\nRIP: 0010:serial_core_register_port+0xa0/0x840\n...\nmax3100_probe+0x1b6/0x280 [max3100]\nspi_probe+0x8d/0xb0\nUpdate the actual state so next time UART driver will be registered\nagain.\nHugo also noticed, that the error path in the probe also affected\nby having the variable set, and not cleared. Instead of clearing it\nmove the assignment after the successfull uart_register_driver() call.", "A vulnerability was found in the Linux kernel, affecting the `max3100` serial driver. This issue involves improper handling of the `uart_driver_registered` state upon driver removal, which could lead to use-after-free conditions or undefined behavior. This flaw might allow attackers to exploit the driver to gain unauthorized access or cause system instability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-38633", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38633\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38633\nhttps://lore.kernel.org/linux-cve-announce/2024062142-CVE-2024-38633-06d4@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.316, kernel 5.4.278, kernel 5.10.219, kernel 5.15.161, kernel 6.1.93, kernel 6.6.33, kernel 6.9.4, kernel 6.10-rc1"}