CVE-2024-38630
- Source
- https://cve.org/CVERecord?id=CVE-2024-38630
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38630.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-38630
- Downstream
- Related
- Published
- 2024-06-21T10:18:20.892Z
- Modified
- 2026-03-20T12:37:11.362197Z
- Summary
- watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
When the cpu5wdt module is removing, the origin code uses deltimer() to de-activate the timer. If the timer handler is running, deltimer() could not stop it and will return directly. If the port region is released by releaseregion() and then the timer handler cpu5wdttrigger() calls outb() to write into the region that is released, the use-after-free bug will happen.
Change deltimer() to timershutdown_sync() in order that the timer handler could be finished before the port region is released.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38630.json" }- References
-
- https://git.kernel.org/stable/c/573601521277119f2e2ba5f28ae6e87fc594f4d4
- https://git.kernel.org/stable/c/9b1c063ffc075abf56f63e55d70b9778ff534314
- https://git.kernel.org/stable/c/f19686d616500cd0d47b30cee82392b53f7f784a
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38630.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-38630
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git