CVE-2024-39501: drivers: core: synchronize really_probe() and dev_uevent()

Published Jul 12, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

drivers: core: synchronize reallyprobe() and devuevent()

Synchronize the dev->driver usage in reallyprobe() and devuevent(). These can run in different threads, what can result in the following race condition for dev->driver uninitialization:

Thread #1: ==========

reallyprobe() { ... probefailed: ... deviceunbindcleanup(dev) { ... dev->driver = NULL; // <= Failed probe sets dev->driver to NULL ... } ... }

Thread #2: ==========

devuevent() { ... if (dev->driver) // If dev->driver is NULLed from reallyprobe() from here on, // after above check, the system crashes addueventvar(env, "DRIVER=%s", dev->driver->name); ... }

reallyprobe() holds the lock, already. So nothing needs to be done there. devuevent() is called with lock held, often, too. But not always. What implies that we can't add any locking in devuevent() itself. So fix this race by adding the lock to the non-protected path. This is the path where above race is observed:

devuevent+0x235/0x380 ueventshow+0x10c/0x1f0 <= Add lock here devattrshow+0x3a/0xa0 sysfskfseqshow+0x17c/0x250 kernfsseqshow+0x7c/0x90 seqreaditer+0x2d7/0x940 kernfsfopreaditer+0xc6/0x310 vfsread+0x5bc/0x6b0 ksysread+0xeb/0x1b0 x64sysread+0x42/0x50 x64syscall+0x27ad/0x2d30 dosyscall64+0xcd/0x1d0 entrySYSCALL64afterhwframe+0x77/0x7f

Similar cases are reported by syzkaller in

https://syzkaller.appspot.com/bug?extid=ffa8143439596313a85a

But these are regarding the initialization of dev->driver

dev->driver = drv;

As this switches dev->driver to non-NULL these reports can be considered to be false-positives (which should be "fixed" by this commit, as well, though).

The same issue was reported and tried to be fixed back in 2015 in

https://lore.kernel.org/lkml/1421259054-2574-1-git-send-email-a.sangwan@samsung.com/

already.

Other sources

Linux Kernel is vulnerable to a denial of service, caused by a race condition in core.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.

IBM

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

NVD

Affected Software

14 affected componentsFixes available
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1
redhat/kernel<4.19.317
4.19.317
redhat/kernel<5.4.279
5.4.279
redhat/kernel<5.10.221
5.10.221
redhat/kernel<5.15.162
5.15.162
redhat/kernel<6.1.95
6.1.95
redhat/kernel<6.6.35
6.6.35
redhat/kernel<6.9.6
6.9.6
redhat/kernel<6.10
6.10

Remediation

Patch Available

https://git.kernel.org/linus/239378f16aa1ab5c502e42a06359d2de4f88ebb4

Patch Available

https://git.kernel.org/linus/c0a40097f0bc81deafc15f9195d1fb54595cd6d0

Event History

Jul 12, 2024
CVE Published
via MITRE·12:20 PM
Rejected
via MITRE·12:20 PM
Data Sourced
via NVD·01:15 PM
Description
Data Sourced
via Red Hat·01:22 PM
DescriptionSeverityAffected Software
Apr 27, 2025
Data Sourced
via Ubuntu·05:19 PM
RemedyDescriptionSeverityAffected Software
May 10, 2025
Rejected
via MITRE·02:14 PM

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-39501?

CVE-2024-39501 is categorized as a race condition vulnerability in the Linux kernel.

2

How do I fix CVE-2024-39501?

To mitigate CVE-2024-39501, upgrade your kernel to one of the fixed versions specified, such as 4.19.317 or 6.10.

3

Which versions of the Linux kernel are affected by CVE-2024-39501?

CVE-2024-39501 affects several versions of the Linux kernel prior to the patched versions listed.

4

What is the nature of the vulnerability in CVE-2024-39501?

CVE-2024-39501 involves a race condition between really_probe() and dev_uevent() functions.

5

Is CVE-2024-39501 specific to a certain Linux distribution?

CVE-2024-39501 impacts multiple Linux distributions, particularly those using affected kernel versions.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203