CVE-2024-38615: cpufreq: exit() callback is optional
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: exit() callback is optional
The exit() callback is optional and shouldn't be called without checking a valid pointer first.
Also, we must clear freqtable pointer even if the exit() callback isn't present.
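The two defects this description names, modeled in user space as an added example (it is not the kernel's code or the upstream patch). `demo_policy`, `demo_driver`, the `teardown_*` functions and the sample frequency table are hypothetical names constructed for illustration.

```c
#include <stddef.h>
/* Hypothetical, simplified stand-ins; not the kernel's real structures. */
struct demo_policy { const unsigned int *freq_table; int exit_calls; };
struct demo_driver {
    int  (*init)(struct demo_policy *);
    void (*exit)(struct demo_policy *);   /* optional: may be NULL */
};
typedef void (*teardown_fn)(const struct demo_driver *, struct demo_policy *);

static const unsigned int demo_table[] = { 800000, 1600000, 2400000 }; /* constructed */
static int  demo_init(struct demo_policy *p) { p->freq_table = demo_table; return 0; }
static void demo_exit(struct demo_policy *p) { p->exit_calls++; }
const struct demo_driver drv_with_exit = { demo_init, demo_exit };
const struct demo_driver drv_no_exit   = { demo_init, NULL };

/* Flawed 1: unconditional call; with drv_no_exit this would call through NULL. */
void teardown_unchecked(const struct demo_driver *d, struct demo_policy *p)
{
    d->exit(p);
    p->freq_table = NULL;
}

/* Flawed 2: cleanup tied to exit(), so freq_table stays set without it. */
void teardown_partial(const struct demo_driver *d, struct demo_policy *p)
{
    if (d->exit) {
        d->exit(p);
        p->freq_table = NULL;
    }
}

/* Corrected: guard the optional callback, always clear the pointer. */
void teardown_checked(const struct demo_driver *d, struct demo_policy *p)
{
    if (d->exit)
        d->exit(p);
    p->freq_table = NULL;
}

/* Runs init() then the given teardown; returns 1 if freq_table is left stale. */
int stale_after(teardown_fn td, const struct demo_driver *d)
{
    struct demo_policy p = { NULL, 0 };
    d->init(&p);
    td(d, &p);
    return p.freq_table != NULL;
}

/* Exit status 0: the corrected teardown leaves no stale pointer. */
int main(void) { return stale_after(teardown_checked, &drv_no_exit); }
```

`teardown_unchecked` is only safe with a driver that supplies `exit()`, which is why it is never run against `drv_no_exit` here.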
Other sources
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: exit() callback is optional
The Linux kernel CVE team has assigned CVE-2024-38615 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024061922-CVE-2024-38615-0d4c@gregkh/T
— Red Hat
Linux Kernel is vulnerable to a denial of service, caused by an error related to exit() callback being optional. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Frequently Asked Questions
What is the severity of CVE-2024-38615?
CVE-2024-38615 has a moderate severity, as it may lead to system instability if the exit() callback is mishandled.
How do I fix CVE-2024-38615?
To fix CVE-2024-38615, update your kernel to version 5.4.278, 5.10.219, 5.15.161, 6.1.93, 6.6.33, 6.8.12, 6.9.3, or 6.10, or to the specific patched versions provided by your distribution.
Which kernel versions are affected by CVE-2024-38615?
CVE-2024-38615 affects multiple kernel versions prior to 5.4.278, 5.10.219, 5.15.161, 6.1.93, and 6.6.33.
What component of the Linux kernel is affected by CVE-2024-38615?
CVE-2024-38615 specifically affects the cpufreq subsystem of the Linux kernel.
Is CVE-2024-38615 exploitable remotely?
CVE-2024-38615 is not typically exploitable remotely, requiring local access to the affected system for potential impact.