FKIE_CVE-2024-38634

Vulnerability from fkie_nvd - Published: 2024-06-21 11:15 - Updated: 2025-11-04 18:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Lock port->lock when calling uart_handle_cts_change() uart_handle_cts_change() has to be called with port lock taken, Since we run it in a separate work, the lock may not be taken at the time of running. Make sure that it's taken by explicitly doing that. Without it we got a splat: WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0 ... Workqueue: max3100-0 max3100_work [max3100] RIP: 0010:uart_handle_cts_change+0xa6/0xb0 ... max3100_handlerx+0xc5/0x110 [max3100] max3100_work+0x12a/0x340 [max3100]
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9baPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ecPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9baPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ecPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 2.6.30
linux linux_kernel 2.6.30
linux linux_kernel 2.6.30
linux linux_kernel 2.6.30
linux linux_kernel 2.6.30
linux linux_kernel 2.6.30
linux linux_kernel 2.6.30
linux linux_kernel 2.6.30
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DF3CB59-7EFD-4F19-A9A4-224F9436AF45",
              "versionEndExcluding": "4.19.316",
              "versionStartIncluding": "2.6.31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FDBF235-DA18-49A1-8690-6C7272FD0701",
              "versionEndExcluding": "5.4.278",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9",
              "versionEndExcluding": "5.10.219",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2",
              "versionEndExcluding": "5.15.161",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667",
              "versionEndExcluding": "6.1.93",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E",
              "versionEndExcluding": "6.6.33",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627",
              "versionEndExcluding": "6.9.4",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:-:*:*:*:*:*:*",
              "matchCriteriaId": "77B40D2B-9AAA-49A4-9C74-7A94A82DBCCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "88F60E74-09DB-4D4A-B922-4A46EED0EC20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E242D3DE-D1DC-406A-BCC3-C4380B7EC369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "5EE58B00-70BB-493D-ACDE-77F486984392",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "8598D6E5-0C5C-4A31-841A-C12801DB7D91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "59800B0A-477B-42F8-A58A-5144F455AE01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "65210718-2AF2-47E5-A1A7-CE72B926F9F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "724E1180-5A91-4503-8723-C59528794884",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Lock port-\u003elock when calling uart_handle_cts_change()\n\nuart_handle_cts_change() has to be called with port lock taken,\nSince we run it in a separate work, the lock may not be taken at\nthe time of running. Make sure that it\u0027s taken by explicitly doing\nthat. Without it we got a splat:\n\n  WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0\n  ...\n  Workqueue: max3100-0 max3100_work [max3100]\n  RIP: 0010:uart_handle_cts_change+0xa6/0xb0\n  ...\n   max3100_handlerx+0xc5/0x110 [max3100]\n   max3100_work+0x12a/0x340 [max3100]"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: max3100: Bloquear puerto-\u0026gt;bloquear al llamar a uart_handle_cts_change() uart_handle_cts_change() debe llamarse con el bloqueo de puerto tomado. Dado que lo ejecutamos en un trabajo separado, el bloqueo puede No se tomar\u00e1 en el momento de correr. Aseg\u00farese de que se tome haci\u00e9ndolo expl\u00edcitamente. Sin \u00e9l, tenemos un s\u00edmbolo: ADVERTENCIA: CPU: 0 PID: 10 en drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0 ... Workqueue: max3100-0 max3100_work [max3100] RIP: 0010:uart_handle_cts_change+ 0xa6/0xb0 ... max3100_handlerx+0xc5/0x110 [max3100] max3100_work+0x12a/0x340 [max3100]"
    }
  ],
  "id": "CVE-2024-38634",
  "lastModified": "2025-11-04T18:16:29.653",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-21T11:15:12.160",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.