{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40967", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.602Z", "datePublished": "2024-07-12T12:32:06.816Z", "dateUpdated": "2024-11-05T09:34:08.791Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:34:08.791Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Introduce timeout when waiting on transmitter empty\n\nBy waiting at most 1 second for USR2_TXDC to be set, we avoid a potential\ndeadlock.\n\nIn case of the timeout, there is not much we can do, so we simply ignore\nthe transmitter state and optimistically try to continue."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tty/serial/imx.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "7f2b9ab6d0b2", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7f9e70c68b7a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "982ae3376c4c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "53b2c9554742", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "e533e4c62e99", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tty/serial/imx.c"], "versions": [{"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.96", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.36", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.7", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7f2b9ab6d0b26f16cd38dd9fd91d51899635f7c7"}, {"url": "https://git.kernel.org/stable/c/7f9e70c68b7ace0141fe3bc94bf7b61296b71916"}, {"url": "https://git.kernel.org/stable/c/982ae3376c4c91590d38dc8a676c10f7df048a44"}, {"url": "https://git.kernel.org/stable/c/53b2c95547427c358f45515a9f144efee95e3701"}, {"url": "https://git.kernel.org/stable/c/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2"}], "title": "serial: imx: Introduce timeout when waiting on transmitter empty", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.087Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7f2b9ab6d0b26f16cd38dd9fd91d51899635f7c7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7f9e70c68b7ace0141fe3bc94bf7b61296b71916", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/982ae3376c4c91590d38dc8a676c10f7df048a44", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/53b2c95547427c358f45515a9f144efee95e3701", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40967", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:03:07.116101Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:23.017Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7f2b9ab6d0b26f16cd38dd9fd91d51899635f7c7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7f9e70c68b7ace0141fe3bc94bf7b61296b71916", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/982ae3376c4c91590d38dc8a676c10f7df048a44", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/53b2c95547427c358f45515a9f144efee95e3701", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.087Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40967", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:03:07.116101Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.329Z"}}], "cna": {"title": "serial: imx: Introduce timeout when waiting on transmitter empty", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "7f2b9ab6d0b2", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7f9e70c68b7a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "982ae3376c4c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "53b2c9554742", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "e533e4c62e99", "versionType": "git"}], "programFiles": ["drivers/tty/serial/imx.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.15.162", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.96", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.36", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.7", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/tty/serial/imx.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7f2b9ab6d0b26f16cd38dd9fd91d51899635f7c7"}, {"url": "https://git.kernel.org/stable/c/7f9e70c68b7ace0141fe3bc94bf7b61296b71916"}, {"url": "https://git.kernel.org/stable/c/982ae3376c4c91590d38dc8a676c10f7df048a44"}, {"url": "https://git.kernel.org/stable/c/53b2c95547427c358f45515a9f144efee95e3701"}, {"url": "https://git.kernel.org/stable/c/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Introduce timeout when waiting on transmitter empty\n\nBy waiting at most 1 second for USR2_TXDC to be set, we avoid a potential\ndeadlock.\n\nIn case of the timeout, there is not much we can do, so we simply ignore\nthe transmitter state and optimistically try to continue."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:34:08.791Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40967", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:34:08.791Z", "dateReserved": "2024-07-12T12:17:45.602Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:32:06.816Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD1E49C8-DE20-4CCB-8715-3FB3FA95ABC7", "versionEndExcluding": "5.15.162", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E887B4-732A-40D2-9983-CC6F281EBFB7", "versionEndExcluding": "6.1.96", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1046C95-860A-45B0-B718-2B29F65BFF10", "versionEndExcluding": "6.6.36", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C", "versionEndExcluding": "6.9.7", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Introduce timeout when waiting on transmitter empty\n\nBy waiting at most 1 second for USR2_TXDC to be set, we avoid a potential\ndeadlock.\n\nIn case of the timeout, there is not much we can do, so we simply ignore\nthe transmitter state and optimistically try to continue."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: imx: Introduce tiempo de espera cuando se espera que el transmisor est\u00e9 vac\u00edo. Esperando como m\u00e1ximo 1 segundo para que se establezca USR2_TXDC, evitamos un posible punto muerto. En caso de que se agote el tiempo de espera, no hay mucho que podamos hacer, por lo que simplemente ignoramos el estado del transmisor e intentamos continuar con optimismo."}], "id": "CVE-2024-40967", "lastModified": "2024-11-21T09:31:58.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:18.480", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/53b2c95547427c358f45515a9f144efee95e3701"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f2b9ab6d0b26f16cd38dd9fd91d51899635f7c7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f9e70c68b7ace0141fe3bc94bf7b61296b71916"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/982ae3376c4c91590d38dc8a676c10f7df048a44"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/53b2c95547427c358f45515a9f144efee95e3701"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f2b9ab6d0b26f16cd38dd9fd91d51899635f7c7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f9e70c68b7ace0141fe3bc94bf7b61296b71916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/982ae3376c4c91590d38dc8a676c10f7df048a44"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: serial: imx: Introduce timeout when waiting on transmitter empty", "id": "2297551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297551"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-833", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nserial: imx: Introduce timeout when waiting on transmitter empty\nBy waiting at most 1 second for USR2_TXDC to be set, we avoid a potential\ndeadlock.\nIn case of the timeout, there is not much we can do, so we simply ignore\nthe transmitter state and optimistically try to continue."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40967", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40967\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40967\nhttps://lore.kernel.org/linux-cve-announce/2024071227-CVE-2024-40967-665f@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.162, kernel 6.1.96, kernel 6.6.36, kernel 6.9.7, kernel 6.10-rc1"}