CVE-2024-39484

In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callback being discarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g. using sysfs or hotplug), the driver is just removed without the cleanup being performed. This results in resource leaks. Fix it by compiling in the remove callback unconditionally. This also fixes a W=1 modpost warning: WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in reference: davinci_mmcsd_driver+0x10 (section: .data) -> davinci_mmcsd_remove (section: .exit.text)
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:27

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/1d5ed0efe51d36b9ae9b64f133bf41cdbf56f584 - Mailing List, Patch () https://git.kernel.org/stable/c/1d5ed0efe51d36b9ae9b64f133bf41cdbf56f584 - Mailing List, Patch
References () https://git.kernel.org/stable/c/55c421b364482b61c4c45313a535e61ed5ae4ea3 - Mailing List, Patch () https://git.kernel.org/stable/c/55c421b364482b61c4c45313a535e61ed5ae4ea3 - Mailing List, Patch
References () https://git.kernel.org/stable/c/5ee241f72edc6dce5051a5f100eab6cc019d873e - Mailing List, Patch () https://git.kernel.org/stable/c/5ee241f72edc6dce5051a5f100eab6cc019d873e - Mailing List, Patch
References () https://git.kernel.org/stable/c/6ff7cfa02baabec907f6f29ea76634e6256d2ec4 - Mailing List, Patch () https://git.kernel.org/stable/c/6ff7cfa02baabec907f6f29ea76634e6256d2ec4 - Mailing List, Patch
References () https://git.kernel.org/stable/c/7590da4c04dd4aa9c262da0231e978263861c6eb - Mailing List, Patch () https://git.kernel.org/stable/c/7590da4c04dd4aa9c262da0231e978263861c6eb - Mailing List, Patch
References () https://git.kernel.org/stable/c/aea35157bb9b825faa0432bd0f7fbea37ff39aa1 - Mailing List, Patch () https://git.kernel.org/stable/c/aea35157bb9b825faa0432bd0f7fbea37ff39aa1 - Mailing List, Patch

08 Jul 2024, 18:01

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/1d5ed0efe51d36b9ae9b64f133bf41cdbf56f584 - () https://git.kernel.org/stable/c/1d5ed0efe51d36b9ae9b64f133bf41cdbf56f584 - Mailing List, Patch
References () https://git.kernel.org/stable/c/55c421b364482b61c4c45313a535e61ed5ae4ea3 - () https://git.kernel.org/stable/c/55c421b364482b61c4c45313a535e61ed5ae4ea3 - Mailing List, Patch
References () https://git.kernel.org/stable/c/5ee241f72edc6dce5051a5f100eab6cc019d873e - () https://git.kernel.org/stable/c/5ee241f72edc6dce5051a5f100eab6cc019d873e - Mailing List, Patch
References () https://git.kernel.org/stable/c/6ff7cfa02baabec907f6f29ea76634e6256d2ec4 - () https://git.kernel.org/stable/c/6ff7cfa02baabec907f6f29ea76634e6256d2ec4 - Mailing List, Patch
References () https://git.kernel.org/stable/c/7590da4c04dd4aa9c262da0231e978263861c6eb - () https://git.kernel.org/stable/c/7590da4c04dd4aa9c262da0231e978263861c6eb - Mailing List, Patch
References () https://git.kernel.org/stable/c/aea35157bb9b825faa0432bd0f7fbea37ff39aa1 - () https://git.kernel.org/stable/c/aea35157bb9b825faa0432bd0f7fbea37ff39aa1 - Mailing List, Patch
First Time Linux
Linux linux Kernel
CWE CWE-770
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

05 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: davinci: no eliminar la función de eliminación cuando el controlador está integrado. El uso de __exit para la función de eliminación hace que la devolución de llamada de eliminación se descarte con CONFIG_MMC_DAVINCI=y. Cuando un dispositivo de este tipo se desvincula (por ejemplo, usando sysfs o hotplug), el controlador simplemente se elimina sin que se realice la limpieza. Esto da como resultado fugas de recursos. Solucionarlo compilando la devolución de llamada de eliminación incondicionalmente. Esto también corrige una advertencia de modpost W=1: ADVERTENCIA: modpost: drivers/mmc/host/davinci_mmc: falta de coincidencia de sección en referencia: davinci_mmcsd_driver+0x10 (sección: .data) -> davinci_mmcsd_remove (sección: .exit.text)

05 Jul 2024, 08:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/6ff7cfa02baabec907f6f29ea76634e6256d2ec4 -
  • () https://git.kernel.org/stable/c/aea35157bb9b825faa0432bd0f7fbea37ff39aa1 -

05 Jul 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-05 07:15

Updated : 2024-11-21 09:27


NVD link : CVE-2024-39484

Mitre link : CVE-2024-39484

CVE.ORG link : CVE-2024-39484


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-770

Allocation of Resources Without Limits or Throttling