CVE-2024-43830

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-43830

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43830.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-43830

Downstream

BELL-CVE-2024-43830

DEBIAN-CVE-2024-43830

DLA-3912-1

DLA-4008-1

OESA-2024-2255

OESA-2024-2256

OESA-2024-2257

OESA-2024-2258

OESA-2024-2296

RHSA-2024:7000

RHSA-2024:9315

RHSA-2025:2490

RLSA-2024:7000

SUSE-SU-2024:3190-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3383-1

SUSE-SU-2024:3483-1

UBUNTU-CVE-2024-43830

USN-7088-1

USN-7088-2

USN-7088-3

USN-7088-4

USN-7088-5

USN-7100-1

USN-7100-2

USN-7119-1

USN-7123-1

USN-7144-1

USN-7154-1

USN-7154-2

USN-7155-1

USN-7156-1

USN-7194-1

USN-7196-1

Related

Published

2024-08-17T10:15:08Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

leds: trigger: Unregister sysfs attributes before calling deactivate()

Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by the activate() callback and freed by the deactivate() callback.

Calling deviceremovegroups() after calling deactivate() leaves a window where the sysfs attributes show/store functions could be called after deactivation and then operate on the just freed trigger-data.

Move the deviceremovegroups() call to before deactivate() to close this race window.

This also makes the deactivation path properly do things in reverse order of the activation path which calls the activate() callback before calling deviceaddgroups().

References

Affected packages