CVE-2024-39466

thermal/drivers/qcom/lmh: Check for SCM availability at probe

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been
performed, leading to possible null pointer dereferences (which did
happen for me on RB1). Fix that.

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been performed, leading to possible null pointer dereferences (which did happen for me on RB1). Fix that.

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-25 CVE Reserved
2024-06-25 CVE Published
2024-12-19 CVE Updated
2025-03-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/53bca371cdf7addc1e93e1b99285b3d3935685ec	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3	2024-06-16
https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665	2024-06-16
https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464	2024-06-16
https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b	2024-06-16
https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be	2024-04-23

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.15.161 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.161"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.1.94 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.1.94"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.6.34 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.6.34"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.9.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.9.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.10"		en		Affected