CVE-2024-38614

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38614

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38614.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-38614

Downstream

BELL-CVE-2024-38614

DEBIAN-CVE-2024-38614

OESA-2024-1863

UBUNTU-CVE-2024-38614

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Related

Published

2024-06-19T14:15:21Z

Modified

2025-10-03T15:26:20Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

openrisc: traps: Don't send signals to kernel mode threads

OpenRISC exception handling sends signals to user processes on floating point exceptions and trap instructions (for debugging) among others. There is a bug where the trap handling logic may send signals to kernel threads, we should not send these signals to kernel threads, if that happens we treat it as an error.

This patch adds conditions to die if the kernel receives these exceptions in kernel mode code.

References

Affected packages