CVE-2024-38611Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective LifetimeCWE-402Resource Leak40 documents6 sources
Severity
5.5MEDIUMNVD
OSV8.8OSV7.8OSV7.1OSV6.5
EPSS
0.0%
top 95.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedJun 19
Latest updateJan 9

Description

In the Linux kernel, the following vulnerability has been resolved: media: i2c: et8ek8: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callback being discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets unbound (e.g. using sysfs or hotplug), the driver is just removed without the cleanup being performed. This results in resource leaks. Fix it by compiling in the remove callback unconditionally. This also fixes a W=1 modpo

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel4.115.10.236+5
Debianlinux/linux_kernel< 5.10.237-1+3
Ubuntulinux/linux_kernel< 5.4.0-200.220+3
CVEListV5linux/linuxc5254e72b8edc2ca0a98703e92e8c34959343d2c963523600d9f1e36bc35ba774c2493d6baa4dd8f+7
debiandebian/linux< linux 6.1.133-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

20
OSV
linux-azure-5.15 vulnerabilities2025-01-09
OSV
linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities2024-12-09
OSV
linux-azure vulnerabilities2024-11-20
OSV
linux-iot vulnerabilities2024-11-19
OSV
linux-raspi, linux-raspi-5.4 vulnerabilities2024-11-14

📋Vendor Advisories

19
Ubuntu
Linux kernel (Azure) vulnerabilities2025-01-09
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2024-12-09
Ubuntu
Linux kernel (Azure) vulnerabilities2024-11-20
Ubuntu
Linux kernel (IoT) vulnerabilities2024-11-19
Ubuntu
Linux kernel vulnerabilities2024-11-14