CVE-2024-38633
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's MAX3100 serial driver. When the last MAX3100 device is removed and the driver is reloaded, the kernel fails to properly update a global variable, causing a kernel oops (crash) during subsequent probe operations. This affects systems using MAX3100 serial devices with the vulnerable driver.
💻 Affected Systems
- Linux kernel with MAX3100 serial driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical access to reboot the system.
Likely Case
System crash when MAX3100 devices are removed and driver is reloaded, causing temporary denial of service until system reboot.
If Mitigated
No impact if MAX3100 devices are not used or if the vulnerable driver is not loaded.
🎯 Exploit Status
Exploitation requires ability to load/unload kernel modules and access to MAX3100 devices. Not remotely exploitable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b, 361a92c9038e8c8c3996f8eeaa14522a8ad90752, 712a1fcb38dc7cac6da63ee79a88708fbf9c45ec, 9db4222ed8cd3e50b81c8b910ae74c26427a4003, b6eb7aff23e05f362e8c9b560f6ac5e727b70e00
Vendor Advisory: https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable MAX3100 driver
linuxPrevent loading of vulnerable max3100 kernel module
echo 'blacklist max3100' >> /etc/modprobe.d/blacklist.conf
rmmod max3100
Avoid driver reload cycles
linuxDo not remove and reinsert MAX3100 devices or reload the driver module
🧯 If You Can't Patch
- Ensure only trusted users have permissions to load/unload kernel modules
- Monitor for kernel oops/crash events related to max3100 driver
🔍 How to Verify
Check if Vulnerable:
Check if max3100 module is loaded: lsmod | grep max3100. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Test by loading/unloading max3100 module with MAX3100 device present.📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages mentioning max3100_probe
- NULL pointer dereference errors at address 0000000000000408
- serial_core_register_port failures
SIEM Query:
source="kernel" AND ("max3100" OR "NULL pointer dereference" OR "serial_core_register_port")🔗 References
- https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b
- https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752
- https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec
- https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003
- https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00
- https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762
- https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72
- https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0
- https://git.kernel.org/stable/c/21a61a7fbcfdd3493cede43ebc7c4dfae2147a8b
- https://git.kernel.org/stable/c/361a92c9038e8c8c3996f8eeaa14522a8ad90752
- https://git.kernel.org/stable/c/712a1fcb38dc7cac6da63ee79a88708fbf9c45ec
- https://git.kernel.org/stable/c/9db4222ed8cd3e50b81c8b910ae74c26427a4003
- https://git.kernel.org/stable/c/b6eb7aff23e05f362e8c9b560f6ac5e727b70e00
- https://git.kernel.org/stable/c/e8a10089eddba40d4b2080c9d3fc2d2b2488f762
- https://git.kernel.org/stable/c/e8e2a4339decad7e59425b594a98613402652d72
- https://git.kernel.org/stable/c/fa84ca78b048dfb00df0ef446f5c35e0a98ca6a0
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
