SB20240731184 - Input validation error in Linux kernel serial 8250 driver
Published: July 31, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20240731184
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2024-42095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the uart_write() and omap8250_irq() functions in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de
- https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b
- https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0
- https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b
- https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e
- https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.97
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.37