| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.5 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Linux Kernel up to 6.8.11/6.9.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component mt7996. The manipulation results in memory leak. This vulnerability is identified as CVE-2024-38563. There is not any exploit available. It is recommended to upgrade the affected component.
Details
A vulnerability was found in Linux Kernel up to 6.8.11/6.9.2. It has been classified as critical. Affected is some unknown processing of the component mt7996. The manipulation with an unknown input leads to a memory leak vulnerability. CWE is classifying the issue as CWE-401. The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. This is going to have an impact on availability. CVE summarizes:
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Without this commit, reading chip temperature will cause memory leakage.
The advisory is shared for download at git.kernel.org. This vulnerability is traded as CVE-2024-38563 since 06/18/2024. There are neither technical details nor an exploit publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 246976 (Linux Distros Unpatched Vulnerability : CVE-2024-38563), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 6.8.12 or 6.9.3 eliminates this vulnerability. Applying the patch 84e81f9b4818/ef46dbb93fc9/474b9412f33b is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (246976) and CERT Bund (WID-SEC-2024-1418). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Affected
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- IBM InfoSphere Guardium
- Oracle Linux
- Oracle VM
- IBM Security Guardium
- RESF Rocky Linux
- Broadcom Brocade SANnav
- Dell NetWorker
- Open Source Linux Kernel
- IBM QRadar SIEM
- Dell Avamar
- IBM Storage Scale
- Juniper Junos Space
- SolarWinds Security Event Manager
- Dell PowerProtect Data Domain
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.7VulDB Meta Temp Score: 5.5
VulDB Base Score: 5.7
VulDB Temp Score: 5.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Memory leakCWE: CWE-401 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 246976
Nessus Name: Linux Distros Unpatched Vulnerability : CVE-2024-38563
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 6.8.12/6.9.3
Patch: 84e81f9b4818/ef46dbb93fc9/474b9412f33b
Timeline
06/18/2024 🔍06/19/2024 🔍
06/19/2024 🔍
10/04/2025 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2024-38563 (🔍)
GCVE (CVE): GCVE-0-2024-38563
GCVE (VulDB): GCVE-100-269016
CERT Bund: WID-SEC-2024-1418 - Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Entry
Created: 06/19/2024 17:09Updated: 10/04/2025 19:35
Changes: 06/19/2024 17:09 (57), 08/10/2025 05:07 (3), 10/04/2025 19:35 (7)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.

No comments yet. Languages: en.
Please log in to comment.