PT-2024-9780 · Linux+9 · Linux Kernel+9
Lizhe · Published 2024-04-12 · Updated 2025-10-03 · CVE-2024-38615
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.37
Description:
The issue is in the cpufreq component of the Linux kernel: the driver's exit() callback is optional and must not be called without first checking that the pointer is valid. In addition, the freq_table pointer must be cleared even if the exit() callback is not present. The entry also mentions a vulnerability in the ALSA component related to improper input validation in the snd_timer_start1() function, which could allow an attacker to cause a denial of service.
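The two cpufreq defects described above, reduced to a user-space C model next to the corrected pattern. This is an added example, not the kernel's code or the upstream patch; the struct layouts and the names `teardown_unchecked`, `teardown_stale`, `teardown_fixed`, `demo_init` and `demo_exit` are assumptions made for illustration.

```c
#include <stdio.h>

/* User-space model; names are illustrative, not the kernel's definitions. */
struct policy { const int *freq_table; };
struct driver {
    int  (*init)(struct policy *p);
    void (*exit)(struct policy *p);   /* optional: may be NULL */
};
static const int table[] = { 800000, 1600000, 2400000 };  /* constructed sample */
static int exit_calls;

static int  demo_init(struct policy *p) { p->freq_table = table; return 0; }
static void demo_exit(struct policy *p) { (void)p; exit_calls++; }

/* Defect 1: optional callback invoked without a pointer check; with
 * d->exit == NULL this is a call through a NULL function pointer. */
static void teardown_unchecked(const struct driver *d, struct policy *p)
{
    d->exit(p);
    p->freq_table = NULL;
}

/* Defect 2: the call is guarded, but the table pointer is cleared only
 * when exit() exists, so a driver without exit() leaves it stale. */
static void teardown_stale(const struct driver *d, struct policy *p)
{
    if (d->exit) {
        d->exit(p);
        p->freq_table = NULL;
    }
}

/* Corrected pattern: guard the call, clear the pointer unconditionally. */
static void teardown_fixed(const struct driver *d, struct policy *p)
{
    if (d->exit)
        d->exit(p);
    p->freq_table = NULL;
}

int main(void)
{
    struct driver with_exit = { demo_init, demo_exit }, no_exit = { demo_init, NULL };
    struct policy p = { NULL };
    with_exit.init(&p); teardown_unchecked(&with_exit, &p); /* safe: exit is set */
    no_exit.init(&p);   teardown_stale(&no_exit, &p);
    printf("stale table after teardown_stale: %s\n", p.freq_table ? "yes" : "no");
    teardown_fixed(&no_exit, &p);
    printf("table cleared by teardown_fixed: %s\n", p.freq_table ? "no" : "yes");
    return 0;
}
```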
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling the vulnerable cpufreq component until a patch is available. Restrict access to the ALSA component to minimize the risk of exploitation. Avoid using the vulnerable snd_timer_start1() function until the issue is resolved.
Exploit
Fix
NULL Pointer Dereference
RCE
Affected Products
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu