PT-2024-21552 · Linux+4 · Linux Kernel+4

Mads Bligaard Nielsen · Published 2024-04-17 · Updated 2026-05-26 · CVE-2024-26876

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is related to a crash that occurs when an IRQ is pending during the probe of the adv7511 driver in the Linux kernel. Specifically, if an IRQ is already pending during the adv7511_probe() function, before the adv7511_cec_init() function is called, then the cec_received_msg_ts() function could crash using uninitialized data. This results in an internal error, with the kernel unable to handle a read from unreadable memory at a specific virtual address, leading to a call trace that includes functions such as cec_received_msg_ts(), adv7511_cec_irq_process(), adv7511_irq_process(), adv7511_irq_handler(), irq_thread_fn(), irq_thread(), and kthread().

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

AZL-57725
CVE-2024-26876
ECHO-02E5-19B9-042C
OESA-2024-1617
OESA-2024-1618
OPENSUSE-SU-2024_1644-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2190-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu