Description

In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() to de-activate the timer. If the timer handler is running, del_timer() could not stop it and will return directly. If the port region is released by release_region() and then the timer handler cpu5wdt_trigger() calls outb() to write into the region that is released, the use-after-free bug will happen. Change del_timer() to timer_shutdown_sync() in order that the timer handler could be finished before the port region is released.

INFO

Published Date :

2024-06-21T10:18:20.892Z

Last Modified :

2025-05-04T09:15:41.586Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-38630 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-38630.

URL Resource
https://git.kernel.org/stable/c/573601521277119f2e2ba5f28ae6e87fc594f4d4 cve-icon cve-icon
https://git.kernel.org/stable/c/9b1c063ffc075abf56f63e55d70b9778ff534314 cve-icon cve-icon
https://git.kernel.org/stable/c/f19686d616500cd0d47b30cee82392b53f7f784a cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024062141-CVE-2024-38630-3640@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-38630 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-38630 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact