CVE-2024-38615

cpufreq: exit() callback is optional

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional The exit() callback is optional and shouldn't be called without checking
a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't
present.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: la devolución de llamada exit() es opcional La devolución de llamada exit() es opcional y no debe llamarse sin verificar primero un puntero válido. Además, debemos borrar el puntero freq_table incluso si la devolución de llamada exit() no está presente.

In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't present.

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Multiple

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-18 CVE Reserved
2024-06-19 CVE Published
2024-12-19 CVE Updated
2025-03-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-459: Incomplete Cleanup

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/91a12e91dc39137906d929a4ff6f9c32c59697fa	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/2d730b465e377396d2a09a53524b96b111f7ccb6	2024-06-16
https://git.kernel.org/stable/c/dfc56ff5ec9904c008e9376d90a6d7e2d2bec4d3	2024-06-16
https://git.kernel.org/stable/c/35db5e76d5e9f752476df5fa0b9018a2398b0378	2024-06-16
https://git.kernel.org/stable/c/8bc9546805e572ad101681437a49939f28777273	2024-06-12
https://git.kernel.org/stable/c/3e99f060cfd2e36504d62c9132b453ade5027e1c	2024-06-12
https://git.kernel.org/stable/c/ae37ebca325097d773d7bb6ec069123b30772872	2024-05-30
https://git.kernel.org/stable/c/a8204d1b6ff762d2171d365c2c8560285d0a233d	2024-05-30
https://git.kernel.org/stable/c/b8f85833c05730d631576008daaa34096bc7f3ce	2024-04-12

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-38615	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2293348	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 5.4.278 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 5.4.278"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 5.10.219 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 5.10.219"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 5.15.161 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 5.15.161"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.1.93"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.6.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.8.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.9.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.10"		en		Affected