CVE-2024-39484

Name: CVE-2024-39484
Creator: NVD / NIST
Published: 2024-07-05T07:15:10.823+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.23%

Last modified Jun 17, 2026

CVE-2024-39484 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callback being discarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g. using sysfs or hotplug), the driver is just removed without the cleanup being performed. EPSS estimates a 0.23% chance of exploitation in the next 30 days.

Description

In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callback being discarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g. using sysfs or hotplug), the driver is just removed without the cleanup being performed. This results in resource leaks. Fix it by compiling in the remove callback unconditionally. This also fixes a W=1 modpost warning: WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in reference: davinci_mmcsd_driver+0x10 (section: .data) -> davinci_mmcsd_remove (section: .exit.text)

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.23%

13.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-770

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.33
Linux	Linux Kernel	>= 5.10, < 5.10.221
Linux	Linux Kernel	>= 5.15, < 5.15.162
Linux	Linux Kernel	>= 6.1, < 6.1.95
Linux	Linux Kernel	>= 6.6, < 6.6.34
Linux	Linux Kernel	>= 6.9, < 6.9.5

References

https://git.kernel.org/stable/c/1d5ed0efe51d36b9ae9b64f133bf41cdbf56f584Mailing List, Patch
https://git.kernel.org/stable/c/55c421b364482b61c4c45313a535e61ed5ae4ea3Mailing List, Patch
https://git.kernel.org/stable/c/5ee241f72edc6dce5051a5f100eab6cc019d873eMailing List, Patch
https://git.kernel.org/stable/c/6ff7cfa02baabec907f6f29ea76634e6256d2ec4Mailing List, Patch
https://git.kernel.org/stable/c/7590da4c04dd4aa9c262da0231e978263861c6ebMailing List, Patch
https://git.kernel.org/stable/c/aea35157bb9b825faa0432bd0f7fbea37ff39aa1Mailing List, Patch
https://git.kernel.org/stable/c/1d5ed0efe51d36b9ae9b64f133bf41cdbf56f584Mailing List, Patch
https://git.kernel.org/stable/c/55c421b364482b61c4c45313a535e61ed5ae4ea3Mailing List, Patch
https://git.kernel.org/stable/c/5ee241f72edc6dce5051a5f100eab6cc019d873eMailing List, Patch
https://git.kernel.org/stable/c/6ff7cfa02baabec907f6f29ea76634e6256d2ec4Mailing List, Patch
https://git.kernel.org/stable/c/7590da4c04dd4aa9c262da0231e978263861c6ebMailing List, Patch
https://git.kernel.org/stable/c/aea35157bb9b825faa0432bd0f7fbea37ff39aa1Mailing List, Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Timeline

Published: Jul 5, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2024-39484?

How severe is CVE-2024-39484?

CVE-2024-39484 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.23% probability of exploitation in the next 30 days.

How do I fix CVE-2024-39484?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-39484?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST