Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2024-43830: kernel: leds: trigger: Unregister sysfs attributes before calling deactivate() (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Red Hat: CVE-2024-43830: kernel: leds: trigger: Unregister sysfs attributes before calling deactivate() (Multiple Advisories)

Severity
6
CVSS
(AV:L/AC:L/Au:S/C:P/I:P/A:C)
Published
08/17/2024
Created
09/26/2024
Added
09/25/2024
Modified
09/25/2024

Description

In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by the activate() callback and freed by the deactivate() callback. Calling device_remove_groups() after calling deactivate() leaves a window where the sysfs attributes show/store functions could be called after deactivation and then operate on the just freed trigger-data. Move the device_remove_groups() call to before deactivate() to close this race window. This also makes the deactivation path properly do things in reverse order of the activation path which calls the activate() callback before calling device_add_groups().

Solution(s)

  • redhat-upgrade-kernel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;