PT-2024-33894 · Linux+8 · Linux Kernel+8
Jiri Slaby · Published 2024-10-21 · Updated 2025-10-03
CVE-2024-50058
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A vulnerability in the Linux kernel has been resolved, related to the uart_port_dtr_rts() function in uart_shutdown(). The issue arises from an unprotected call to uart_port_dtr_rts(uport, false) after a uport == NULL check was added. This call is only invoked if HUPCL is set. The vulnerability was identified by Coverity under CID 1585130.
Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider moving the dereference of uport to the if statement to prevent potential null pointer dereferences. Restrict access to the uart_port_dtr_rts() function until the issue is resolved.
Exploit
Fix
NULL Pointer Dereference
RCE
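The pattern from the description, as an added user-space example (not kernel source and not code from this advisory): the pre-fix shape leaves the HUPCL branch outside the uport check, the post-fix shape moves it inside. Only uart_port_dtr_rts(), uart_shutdown(), uport and HUPCL come from the page; the structs, fields and the _unprotected/_protected/would_fault names are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model. Only uart_port_dtr_rts(), uart_shutdown(), uport and
 * HUPCL come from the advisory; every other name is hypothetical. */
struct uart_port  { bool dtr, rts; };
struct uart_state { struct uart_port *uport; bool hupcl; bool active; };

/* Dereferences uport unconditionally, so callers must guarantee non-NULL. */
static void uart_port_dtr_rts(struct uart_port *uport, bool active)
{
    uport->dtr = active;
    uport->rts = active;
}

/* Pre-fix shape: the NULL check covers part of the teardown only. */
static void uart_shutdown_unprotected(struct uart_state *st)
{
    struct uart_port *uport = st->uport;
    if (uport)
        st->active = false;               /* guarded teardown */
    if (st->hupcl)
        uart_port_dtr_rts(uport, false);  /* faults when uport == NULL */
}

/* Post-fix shape: the HUPCL branch moves inside the uport check. */
static void uart_shutdown_protected(struct uart_state *st)
{
    struct uart_port *uport = st->uport;
    if (uport) {
        st->active = false;
        if (st->hupcl)
            uart_port_dtr_rts(uport, false);
    }
}

/* The only input combination on which the pre-fix shape dereferences NULL. */
static bool unprotected_would_fault(const struct uart_state *st)
{
    return st->uport == NULL && st->hupcl;
}

int main(void)
{
    struct uart_state detached = { NULL, true, true };  /* constructed input */
    printf("pre-fix faults here: %d\n", unprotected_would_fault(&detached));
    uart_shutdown_protected(&detached);   /* returns without touching uport */
    return 0;
}
```

With HUPCL clear or uport set, both shapes behave the same, which matches the description's point that the unprotected call is reached only when HUPCL is set.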
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu