Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2024-26919) ELSA-2024-3618: kernel update

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Oracle Linux: (CVE-2024-26919) ELSA-2024-3618: kernel update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
04/17/2024
Created
06/07/2024
Added
06/06/2024
Modified
06/06/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: ulpi: Fix debugfs directory leak

The ULPI per-device debugfs root is named after the ulpi device's

parent, but ulpi_unregister_interface tries to remove a debugfs

directory named after the ulpi device itself. This results in the

directory sticking around and preventing subsequent (deferred) probes

from succeeding. Change the directory name to match the ulpi device.

Solution(s)

  • oracle-linux-upgrade-kernel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;