CVE-2024-39484

2024-07-0507:15:10

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

vulnerability

cve-2024-39484

remove callback

mmc davinci driver

resource leaks

modpost warning

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

mmc: davinci: Don’t strip remove function when driver is builtin

Using __exit for the remove function results in the remove callback being
discarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.
using sysfs or hotplug), the driver is just removed without the cleanup
being performed. This results in resource leaks. Fix it by compiling in the
remove callback unconditionally.

This also fixes a W=1 modpost warning:

WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in
reference: davinci_mmcsd_driver+0x10 (section: .data) ->
davinci_mmcsd_remove (section: .exit.text)

Affected configurations

Vulners

Node

linuxlinux_kernelRange2.6.33–5.10.221

linuxlinux_kernelRange5.11.0–5.15.162

linuxlinux_kernelRange5.16.0–6.1.95

linuxlinux_kernelRange6.2.0–6.6.34

linuxlinux_kernelRange6.7.0–6.9.5

linuxlinux_kernelRange6.10.0–6.10-rc1

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/mmc/host/davinci_mmc.c"
    ],
    "versions": [
      {
        "version": "b4cff4549b7a",
        "lessThan": "6ff7cfa02baa",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b4cff4549b7a",
        "lessThan": "aea35157bb9b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b4cff4549b7a",
        "lessThan": "5ee241f72edc",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b4cff4549b7a",
        "lessThan": "7590da4c04dd",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b4cff4549b7a",
        "lessThan": "1d5ed0efe51d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b4cff4549b7a",
        "lessThan": "55c421b36448",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/mmc/host/davinci_mmc.c"
    ],
    "versions": [
      {
        "version": "2.6.33",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "2.6.33",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.221",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.162",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.95",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.34",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.5",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10-rc1",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]