-

CVE-2024-27000

EPSS 0.05%
Veröffentlicht 01.05.2024 06:15:18
Zuletzt bearbeitet 21.11.2024 09:03:35
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

serial: mxs-auart: add spinlock around changing cts state

The uart_handle_cts_change() function in serial_core expects the caller
to hold uport->lock. For example, I have seen the below kernel splat,
when the Bluetooth driver is loaded on an i.MX28 board.

    [   85.119255] ------------[ cut here ]------------
    [   85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec
    [   85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs
    [   85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1
    [   85.151396] Hardware name: Freescale MXS (Device Tree)
    [   85.156679] Workqueue: hci0 hci_power_on [bluetooth]
    (...)
    [   85.191765]  uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4
    [   85.198787]  mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210
    (...)

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 56434e295bd446142025913bfdf1587f5e1970ad

Version 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4

Status affected

Version < 21535ef0ac1945080198fe3e4347ea498205c99a

Version 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4

Status affected

Version < 0dc0637e6b16158af85945425821bfd0151adb37

Version 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4

Status affected

Version < 479244d68f5d94f3903eced52b093c1e01ddb495

Version 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4

Status affected

Version < 2c9b943e9924cf1269e44289bc5e60e51b0f5270

Version 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4

Status affected

Version < 5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37

Version 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4

Status affected

Version < 94b0e65c75f4af888ab2dd6c90f060f762924e86

Version 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4

Status affected

Version < 54c4ec5f8c471b7c1137a1f769648549c423c026

Version 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.18

Status affected

Version < 3.18

Version 0

Status unaffected

Version <= 4.19.*

Version 4.19.313

Status unaffected

Version <= 5.4.*

Version 5.4.275

Status unaffected

Version <= 5.10.*

Version 5.10.216

Status unaffected

Version <= 5.15.*

Version 5.15.158

Status unaffected

Version <= 6.1.*

Version 6.1.88

Status unaffected

Version <= 6.6.*

Version 6.6.29

Status unaffected

Version <= 6.8.*

Version 6.8.8

Status unaffected

Version <= *

Version 6.9

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.134

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

https://git.kernel.org/stable/c/0dc0637e6b16158af85945425821bfd0151adb37

https://git.kernel.org/stable/c/21535ef0ac1945080198fe3e4347ea498205c99a

https://git.kernel.org/stable/c/2c9b943e9924cf1269e44289bc5e60e51b0f5270

https://git.kernel.org/stable/c/479244d68f5d94f3903eced52b093c1e01ddb495

https://git.kernel.org/stable/c/54c4ec5f8c471b7c1137a1f769648549c423c026

https://git.kernel.org/stable/c/56434e295bd446142025913bfdf1587f5e1970ad

https://git.kernel.org/stable/c/5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37

https://git.kernel.org/stable/c/94b0e65c75f4af888ab2dd6c90f060f762924e86

https://nvd.nist.gov/vuln/detail/CVE-2024-27000

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27000

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27000

EUVD