CVE-2024-44952 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2024-09-04

Score: 5.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-570.12.1.el9_6	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:6966	2025-05-13T00:00:00Z
kernel-0:5.14.0-570.12.1.el9_6	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:6966	2025-05-13T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-3912-1	linux security update
Ubuntu USN	USN-7088-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7088-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7088-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7088-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7088-5	Linux kernel vulnerabilities
Ubuntu USN	USN-7100-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7100-2	Linux kernel vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44952-6290@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-44952
https://www.cve.org/CVERecord?id=CVE-2024-44952

History

Wed, 14 May 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Sat, 09 Nov 2024 10:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/15fffc6a5624b13b428bb1c6e9088e32a55eb82c https://git.kernel.org/stable/c/1cfc329304617838dc06f021bbbde3bc79cd655e https://git.kernel.org/stable/c/4749d336170dbb629e515a857e58a82e61c37a9c https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1 https://git.kernel.org/stable/c/4a7c2a8387524942171037e70b80e969c3b5c05b https://git.kernel.org/stable/c/4d035c743c3e391728a6f81cbf0f7f9ca700cf62 https://git.kernel.org/stable/c/92d847a35e1e41bceba13b8ac1f0e1b9dbe30d25 https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d https://git.kernel.org/stable/c/cd490a247ddf325325fd0de8898659400c9237ef https://git.kernel.org/stable/c/cfc72b86fa20cbf44d2b6cc27b35eb15080232ab https://git.kernel.org/stable/c/d4dba9a076838f3d0333a6a66efec2cdda90b2ee https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2 https://git.kernel.org/stable/c/f098e8fc7227166206256c18d56ab622039108b1 https://git.kernel.org/stable/c/fd28d9589460945985ef5333e9b942c4261f0826 https://git.kernel.org/stable/c/fe10c8367687c27172a10ba5cc849bd82077bd7d

Sat, 09 Nov 2024 10:15:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: driver core: Fix uevent_show() vs driver detach race uevent_show() wants to de-reference dev->driver->name. There is no clean way for a device attribute to de-reference dev->driver unless that attribute is defined via (struct device_driver).dev_groups. Instead, the anti-pattern of taking the device_lock() in the attribute handler risks deadlocks with code paths that remove device attributes while holding the lock. This deadlock is typically invisible to lockdep given the device_lock() is marked lockdep_set_novalidate_class(), but some subsystems allocate a local lockdep key for @dev->mutex to reveal reports of the form: ====================================================== WARNING: possible circular locking dependency detected 6.10.0-rc7+ #275 Tainted: G OE N ------------------------------------------------------ modprobe/2374 is trying to acquire lock: ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220 but task is already holding lock: ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&cxl_root_key){+.+.}-{3:3}: __mutex_lock+0x99/0xc30 uevent_show+0xac/0x130 dev_attr_show+0x18/0x40 sysfs_kf_seq_show+0xac/0xf0 seq_read_iter+0x110/0x450 vfs_read+0x25b/0x340 ksys_read+0x67/0xf0 do_syscall_64+0x75/0x190 entry_SYSCALL_64_after_hwframe+0x76/0x7e -> #0 (kn->active#6){++++}-{0:0}: __lock_acquire+0x121a/0x1fa0 lock_acquire+0xd6/0x2e0 kernfs_drain+0x1e9/0x200 __kernfs_remove+0xde/0x220 kernfs_remove_by_name_ns+0x5e/0xa0 device_del+0x168/0x410 device_unregister+0x13/0x60 devres_release_all+0xb8/0x110 device_unbind_cleanup+0xe/0x70 device_release_driver_internal+0x1c7/0x210 driver_detach+0x47/0x90 bus_remove_driver+0x6c/0xf0 cxl_acpi_exit+0xc/0x11 [cxl_acpi] __do_sys_delete_module.isra.0+0x181/0x260 do_syscall_64+0x75/0x190 entry_SYSCALL_64_after_hwframe+0x76/0x7e The observation though is that driver objects are typically much longer lived than device objects. It is reasonable to perform lockless de-reference of a @driver pointer even if it is racing detach from a device. Given the infrequency of driver unregistration, use synchronize_rcu() in module_remove_driver() to close any potential races. It is potentially overkill to suffer synchronize_rcu() just to handle the rare module removal racing uevent_show() event. Thanks to Tetsuo Handa for the debug analysis of the syzbot report [1].	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	driver core: Fix uevent_show() vs driver detach race	kernel: driver core: Fix uevent_show() vs driver detach race
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 08 Nov 2024 16:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/1cfc329304617838dc06f021bbbde3bc79cd655e https://git.kernel.org/stable/c/4749d336170dbb629e515a857e58a82e61c37a9c https://git.kernel.org/stable/c/92d847a35e1e41bceba13b8ac1f0e1b9dbe30d25 https://git.kernel.org/stable/c/cfc72b86fa20cbf44d2b6cc27b35eb15080232ab https://git.kernel.org/stable/c/d4dba9a076838f3d0333a6a66efec2cdda90b2ee https://git.kernel.org/stable/c/fd28d9589460945985ef5333e9b942c4261f0826 https://git.kernel.org/stable/c/fe10c8367687c27172a10ba5cc849bd82077bd7d

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Sep 2024 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-667
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
Vendors & Products		Linux Linux linux Kernel

Wed, 04 Sep 2024 23:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024090411-CVE-2024-44952-6290@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-44952 https://www.cve.org/CVERecord?id=CVE-2024-44952
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 04 Sep 2024 18:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: driver core: Fix uevent_show() vs driver detach race uevent_show() wants to de-reference dev->driver->name. There is no clean way for a device attribute to de-reference dev->driver unless that attribute is defined via (struct device_driver).dev_groups. Instead, the anti-pattern of taking the device_lock() in the attribute handler risks deadlocks with code paths that remove device attributes while holding the lock. This deadlock is typically invisible to lockdep given the device_lock() is marked lockdep_set_novalidate_class(), but some subsystems allocate a local lockdep key for @dev->mutex to reveal reports of the form: ====================================================== WARNING: possible circular locking dependency detected 6.10.0-rc7+ #275 Tainted: G OE N ------------------------------------------------------ modprobe/2374 is trying to acquire lock: ffff8c2270070de0 (kn->active#6){++++}-{0:0}, at: __kernfs_remove+0xde/0x220 but task is already holding lock: ffff8c22016e88f8 (&cxl_root_key){+.+.}-{3:3}, at: device_release_driver_internal+0x39/0x210 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&cxl_root_key){+.+.}-{3:3}: __mutex_lock+0x99/0xc30 uevent_show+0xac/0x130 dev_attr_show+0x18/0x40 sysfs_kf_seq_show+0xac/0xf0 seq_read_iter+0x110/0x450 vfs_read+0x25b/0x340 ksys_read+0x67/0xf0 do_syscall_64+0x75/0x190 entry_SYSCALL_64_after_hwframe+0x76/0x7e -> #0 (kn->active#6){++++}-{0:0}: __lock_acquire+0x121a/0x1fa0 lock_acquire+0xd6/0x2e0 kernfs_drain+0x1e9/0x200 __kernfs_remove+0xde/0x220 kernfs_remove_by_name_ns+0x5e/0xa0 device_del+0x168/0x410 device_unregister+0x13/0x60 devres_release_all+0xb8/0x110 device_unbind_cleanup+0xe/0x70 device_release_driver_internal+0x1c7/0x210 driver_detach+0x47/0x90 bus_remove_driver+0x6c/0xf0 cxl_acpi_exit+0xc/0x11 [cxl_acpi] __do_sys_delete_module.isra.0+0x181/0x260 do_syscall_64+0x75/0x190 entry_SYSCALL_64_after_hwframe+0x76/0x7e The observation though is that driver objects are typically much longer lived than device objects. It is reasonable to perform lockless de-reference of a @driver pointer even if it is racing detach from a device. Given the infrequency of driver unregistration, use synchronize_rcu() in module_remove_driver() to close any potential races. It is potentially overkill to suffer synchronize_rcu() just to handle the rare module removal racing uevent_show() event. Thanks to Tetsuo Handa for the debug analysis of the syzbot report [1].
Title		driver core: Fix uevent_show() vs driver detach race
References		https://git.kernel.org/stable/c/15fffc6a5624b13b428bb1c6e9088e32a55eb82c https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1 https://git.kernel.org/stable/c/4a7c2a8387524942171037e70b80e969c3b5c05b https://git.kernel.org/stable/c/4d035c743c3e391728a6f81cbf0f7f9ca700cf62 https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d https://git.kernel.org/stable/c/cd490a247ddf325325fd0de8898659400c9237ef https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2 https://git.kernel.org/stable/c/f098e8fc7227166206256c18d56ab622039108b1

Subscriptions

Redhat Enterprise Linux

MITRE

Status: REJECTED

Assigner: Linux

Published: 2024-09-04T18:35:52.250Z

Updated: 2024-11-09T10:04:18.067Z

Reserved: 2024-08-21T05:34:56.666Z

Link: CVE-2024-44952

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-09-04T19:15:30.213

Modified: 2024-11-09T10:15:04.710

Link: CVE-2024-44952

Redhat

Severity : Moderate

Publid Date: 2024-09-04T00:00:00Z

Links: CVE-2024-44952 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-667

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object