CVE-2024-39485Improper Initialization in Linux

CWE-665Improper InitializationCWE-459Incomplete Cleanup20 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 90.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
LinuxLinux KernelDebian Linux+8 more
Timeline
PublishedJul 5
Latest updateSep 23

Description

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Properly re-initialise notifier entry in unregister The notifier_entry of a notifier is not re-initialised after unregistering the notifier. This leads to dangling pointers being left there so use list_del_init() to return the notifier_entry an empty list.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages13 packages

NVDlinux/linux_kernel6.96.9.5+2
Debianlinux/linux_kernel< 6.9.7-1+1
Ubuntulinux/linux_kernel< 6.8.0-44.44

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

9
OSV
linux-hwe-6.82024-09-23
OSV
linux-raspi vulnerabilities2024-09-23
OSV
linux-lowlatency-hwe-6.8 vulnerabilities2024-09-13
OSV
linux-nvidia-6.8 vulnerabilities2024-09-13
OSV
linux-nvidia, linux-nvidia-lowlatency vulnerabilities2024-09-12

📋Vendor Advisories

10
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-13
Ubuntu
Linux kernel vulnerabilities2024-09-13
Ubuntu
Linux kernel vulnerabilities2024-09-12