{"uuid": "7a65dba7-5062-40fc-9e57-bb996144d939", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44937", "type": "seen", "source": "https://t.me/cvedetector/4115", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44937 - Dell Venue 7140 Intel Virtual Switches Linux Kernel Double Registration Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-44937 \nPublished : Aug. 26, 2024, 11:15 a.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion  \n  \nSince commit e2ffcda16290 (\"ACPI: OSL: Allow Notify () handlers to run on  \nall CPUs\") ACPI notify handlers like the intel-vbtn notify_handler() may  \nrun on multiple CPU cores racing with themselves.  \n  \nThis race gets hit on Dell Venue 7140 tablets when undocking from  \nthe keyboard, causing the handler to try and register priv->switches_dev  \ntwice, as can be seen from the dev_info() message getting logged twice:  \n  \n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event  \n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17  \n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event  \n  \nAfter which things go seriously wrong:  \n[ 83.861872] sysfs: cannot create duplicate filename '/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17'  \n...  \n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don't try to register things with the same name in the same directory.  \n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018  \n...  \n  \nProtect intel-vbtn notify_handler() from racing with itself with a mutex  \nto fix this. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-26T13:42:42.000000Z"}