Lucene search
416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-38630HistoryJun 21, 2024 - 11:15 a.m.
CVE-2024-38630
2024-06-2111:15:11
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
2
linux kernel
vulnerability
cve-2024-38630
fixed
use-after-free
bug
watchdog
cpu5wdt
del_timer
timer_shutdown_sync
port region
release
cpu5wdt_trigger
outb
0.0004 Low
EPSS
Percentile
15.7%
In the Linux kernel, the following vulnerability has been resolved:
watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
When the cpu5wdt module is removing, the origin code uses del_timer() to
de-activate the timer. If the timer handler is running, del_timer() could
not stop it and will return directly. If the port region is released by
release_region() and then the timer handler cpu5wdt_trigger() calls outb()
to write into the region that is released, the use-after-free bug will
happen.
Change del_timer() to timer_shutdown_sync() in order that the timer handler
could be finished before the port region is released.
Related
debiancve
debiancve
CVE-2024-38630
2024-06-21 11:15:11
ubuntucve
ubuntucve
CVE-2024-38630
2024-06-25 00:00:00
cve
cve
CVE-2024-38630
2024-06-21 11:15:11
cvelist
cvelist
redhatcve
redhatcve
CVE-2024-38630
2024-06-21 19:53:36