Vulnerability Details : CVE-2024-35986
In the Linux kernel, the following vulnerability has been resolved:
phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered
The power_supply frame-work is not really designed for there to be
long living in kernel references to power_supply devices.
Specifically unregistering a power_supply while some other code has
a reference to it triggers a WARN in power_supply_unregister():
WARN_ON(atomic_dec_return(&psy->use_cnt));
Folllowed by the power_supply still getting removed and the
backing data freed anyway, leaving the tusb1210 charger-detect code
with a dangling reference, resulting in a crash the next time
tusb1210_get_online() is called.
Fix this by only holding the reference in tusb1210_get_online()
freeing it at the end of the function. Note this still leaves
a theoretical race window, but it avoids the issue when manually
rmmod-ing the charger chip driver during development.
Products affected by CVE-2024-35986
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-35986
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 15 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-35986
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-10-29 |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
N/A
|
N/A
|
RedHat-CVE-2024-35986 | 2024-05-20 |
CWE ids for CVE-2024-35986
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2024-35986
-
https://git.kernel.org/stable/c/bf6e4ee5c43690e4c5a8a057bbcd4ff986bed052
phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/9827caa5105fb16d1fae2e75c8d0e4662014b3ca
phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/73224a5d2180066c7fe05b4656647601ba08d588
phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/25b3498485ac281e5851700e33b97f12c9533fd8
phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered - kernel/git/stable/linux.git - Linux kernel stable treePatch
Jump to