Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-50058

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-21 Oct, 2024 | 19:39
Updated At-05 Jan, 2026 | 10:54
Rejected At-
Credits

serial: protect uart_port_dtr_rts() in uart_shutdown() too

In the Linux kernel, the following vulnerability has been resolved: serial: protect uart_port_dtr_rts() in uart_shutdown() too Commit af224ca2df29 (serial: core: Prevent unsafe uart port access, part 3) added few uport == NULL checks. It added one to uart_shutdown(), so the commit assumes, uport can be NULL in there. But right after that protection, there is an unprotected "uart_port_dtr_rts(uport, false);" call. That is invoked only if HUPCL is set, so I assume that is the reason why we do not see lots of these reports. Or it cannot be NULL at this point at all for some reason :P. Until the above is investigated, stay on the safe side and move this dereference to the if too. I got this inconsistency from Coverity under CID 1585130. Thanks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:21 Oct, 2024 | 19:39
Updated At:05 Jan, 2026 | 10:54
Rejected At:
▼CVE Numbering Authority (CNA)
serial: protect uart_port_dtr_rts() in uart_shutdown() too

In the Linux kernel, the following vulnerability has been resolved: serial: protect uart_port_dtr_rts() in uart_shutdown() too Commit af224ca2df29 (serial: core: Prevent unsafe uart port access, part 3) added few uport == NULL checks. It added one to uart_shutdown(), so the commit assumes, uport can be NULL in there. But right after that protection, there is an unprotected "uart_port_dtr_rts(uport, false);" call. That is invoked only if HUPCL is set, so I assume that is the reason why we do not see lots of these reports. Or it cannot be NULL at this point at all for some reason :P. Until the above is investigated, stay on the safe side and move this dereference to the if too. I got this inconsistency from Coverity under CID 1585130. Thanks.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/tty/serial/serial_core.c
Default Status
unaffected
Versions
Affected
  • From af224ca2df297440448b9d407d21b50982c6d532 before 2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d (git)
  • From af224ca2df297440448b9d407d21b50982c6d532 before 399927f0f875b93f3d5a0336d382ba48b8671eb2 (git)
  • From af224ca2df297440448b9d407d21b50982c6d532 before d7b5876a6e74cdf8468a478be6b23f2f5464ac7a (git)
  • From af224ca2df297440448b9d407d21b50982c6d532 before e418d91195d29d5f9c9685ff309b92b04b41dc40 (git)
  • From af224ca2df297440448b9d407d21b50982c6d532 before 76ed24a34223bb2c6b6162e1d8389ec4e602a290 (git)
  • From af224ca2df297440448b9d407d21b50982c6d532 before 602babaa84d627923713acaf5f7e9a4369e77473 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/tty/serial/serial_core.c
Default Status
affected
Versions
Affected
  • 4.7
Unaffected
  • From 0 before 4.7 (semver)
  • From 5.10.229 through 5.10.* (semver)
  • From 5.15.170 through 5.15.* (semver)
  • From 6.1.115 through 6.1.* (semver)
  • From 6.6.57 through 6.6.* (semver)
  • From 6.11.4 through 6.11.* (semver)
  • From 6.12 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d
N/A
https://git.kernel.org/stable/c/399927f0f875b93f3d5a0336d382ba48b8671eb2
N/A
https://git.kernel.org/stable/c/d7b5876a6e74cdf8468a478be6b23f2f5464ac7a
N/A
https://git.kernel.org/stable/c/e418d91195d29d5f9c9685ff309b92b04b41dc40
N/A
https://git.kernel.org/stable/c/76ed24a34223bb2c6b6162e1d8389ec4e602a290
N/A
https://git.kernel.org/stable/c/602babaa84d627923713acaf5f7e9a4369e77473
N/A
Hyperlink: https://git.kernel.org/stable/c/2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/399927f0f875b93f3d5a0336d382ba48b8671eb2
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/d7b5876a6e74cdf8468a478be6b23f2f5464ac7a
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e418d91195d29d5f9c9685ff309b92b04b41dc40
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/76ed24a34223bb2c6b6162e1d8389ec4e602a290
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/602babaa84d627923713acaf5f7e9a4369e77473
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
N/A
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:21 Oct, 2024 | 20:15
Updated At:03 Nov, 2025 | 23:16

In the Linux kernel, the following vulnerability has been resolved: serial: protect uart_port_dtr_rts() in uart_shutdown() too Commit af224ca2df29 (serial: core: Prevent unsafe uart port access, part 3) added few uport == NULL checks. It added one to uart_shutdown(), so the commit assumes, uport can be NULL in there. But right after that protection, there is an unprotected "uart_port_dtr_rts(uport, false);" call. That is invoked only if HUPCL is set, so I assume that is the reason why we do not see lots of these reports. Or it cannot be NULL at this point at all for some reason :P. Until the above is investigated, stay on the safe side and move this dereference to the if too. I got this inconsistency from Coverity under CID 1585130. Thanks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions before 6.6.57(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.7(inclusive) to 6.11.4(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/399927f0f875b93f3d5a0336d382ba48b8671eb2416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/602babaa84d627923713acaf5f7e9a4369e77473416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/76ed24a34223bb2c6b6162e1d8389ec4e602a290416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/d7b5876a6e74cdf8468a478be6b23f2f5464ac7a416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/e418d91195d29d5f9c9685ff309b92b04b41dc40416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://git.kernel.org/stable/c/2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/399927f0f875b93f3d5a0336d382ba48b8671eb2
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/602babaa84d627923713acaf5f7e9a4369e77473
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/76ed24a34223bb2c6b6162e1d8389ec4e602a290
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/d7b5876a6e74cdf8468a478be6b23f2f5464ac7a
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e418d91195d29d5f9c9685ff309b92b04b41dc40
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found