CVE-2024-38611

MEDIUM

Linux kernel - Resource Leak

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: media: i2c: et8ek8: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callback being discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets unbound (e.g. using sysfs or hotplug), the driver is just removed without the cleanup being performed. This results in resource leaks. Fix it by compiling in the remove callback unconditionally. This also fixes a W=1 modpost warning: WARNING: modpost: drivers/media/i2c/et8ek8/et8ek8: section mismatch in reference: et8ek8_i2c_driver+0x10 (section: .data) -> et8ek8_remove (section: .exit.text)

References (9)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

[Patch] https://git.kernel.org/stable/c/04d1086a62ac492ebb6bb0c94c1c8cb55f5d1f36

[Patch] https://git.kernel.org/stable/c/43fff07e4b1956d0e5cf23717507e438278ea3d9

[Patch] https://git.kernel.org/stable/c/545b215736c5c4b354e182d99c578a472ac9bfce

[Patch] https://git.kernel.org/stable/c/904db2ba44ae60641b6378c5013254d09acf5e80

[Patch] https://git.kernel.org/stable/c/963523600d9f1e36bc35ba774c2493d6baa4dd8f

[Patch] https://git.kernel.org/stable/c/c1a3803e5bb91c13e9ad582003e4288f67f06cd9

[Patch] https://git.kernel.org/stable/c/ece3fc1c10197052044048bea4f13cfdcf25b416

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (7)

linux/linux_kernel < 5.10.236

linux/Kernel < 5.10.236linux

linux/Kernel < 5.15.180linux

linux/Kernel < 6.1.133linux

linux/Kernel < 6.6.33linux

linux/Kernel < 6.8.12linux

linux/Kernel < 6.9.3linux

Timeline

Published Jun 19, 2024

Tracked Since Feb 18, 2026