PT-2024-28090 · Linux+6 · Linux Kernel+6

Andy Shevchenko

Published

2024-04-02

Updated

2025-09-29

CVE-2024-38633

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue arises when the last MAX3100 device is removed, triggering the removal of the driver. However, the code fails to update the respective global variable, leading to a kernel crash after an insmod — rmmod — insmod cycle. This results in a NULL pointer dereference. The error path in the probe is also affected by the variable not being cleared. To resolve this, the assignment should be moved after the successful uart register driver() call.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_16880

ALT-PU-2024-13979

ALT-PU-2024-14046

ALT-PU-2024-17597

BDU:2025-03032

CVE-2024-38633

DLA-3840-1

DSA-5730-1

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-1835

OESA-2024-1838

OESA-2024-1839

OPENSUSE-SU-2024_2372-1

OPENSUSE-SU-2024_2394-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6951-1

USN-6951-2

USN-6951-3

USN-6951-4

USN-6953-1

USN-6979-1

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7007-1

USN-7007-2

USN-7007-3

USN-7008-1

USN-7009-1

USN-7009-2

USN-7019-1

USN-7029-1

USN-7183-1

USN-7184-1

USN-7185-1

USN-7185-2

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-28090 · Linux+6 · Linux Kernel+6

CVE-2024-38633

Weakness Enumeration

Related Identifiers

Affected Products

References · 3312