CVE-2024-50058

serial: protect uart_port_dtr_rts() in uart_shutdown() too

Description

In the Linux kernel, the following vulnerability has been resolved: serial: protect uart_port_dtr_rts() in uart_shutdown() too Commit af224ca2df29 (serial: core: Prevent unsafe uart port access, part 3) added few uport == NULL checks. It added one to uart_shutdown(), so the commit assumes, uport can be NULL in there. But right after that protection, there is an unprotected "uart_port_dtr_rts(uport, false);" call. That is invoked only if HUPCL is set, so I assume that is the reason why we do not see lots of these reports. Or it cannot be NULL at this point at all for some reason :P. Until the above is investigated, stay on the safe side and move this dereference to the if too. I got this inconsistency from Coverity under CID 1585130. Thanks.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d
https://git.kernel.org/stable/c/399927f0f875b93f3d5a0336d382ba48b8671eb2
https://git.kernel.org/stable/c/d7b5876a6e74cdf8468a478be6b23f2f5464ac7a
https://git.kernel.org/stable/c/e418d91195d29d5f9c9685ff309b92b04b41dc40 patch
https://git.kernel.org/stable/c/76ed24a34223bb2c6b6162e1d8389ec4e602a290 patch
https://git.kernel.org/stable/c/602babaa84d627923713acaf5f7e9a4369e77473 patch

Frequently Asked Questions

What is the severity of CVE-2024-50058?
CVE-2024-50058 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50058?
To fix CVE-2024-50058, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50058 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50058 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50058?
CVE-2024-50058 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.