How severe is CVE-2024-49938?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-49938?

This is classified as CWE-824, which is a common weakness in software security.

CVE-2024-49938

MEDIUM Year: 2024

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-824

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly just to reset the length to zero before resubmitting, so switch to calling __skb_set_length(skb, 0) directly. In addition, __skb_set_length() already contains a call to skb_reset_tail_pointer(), so remove the redundant call. The syzbot report came from ath9k_hif_usb_reg_in_cb(), but there's a similar usage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we're at it.

CVE-2018-5860

MEDIUM

CVSS:5.5(Medium)

In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly.

CWE-8242018

CVE-2019-5693

MEDIUM

CVSS:5.5(Medium)

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which m...

CWE-8242019

CVE-2020-1874

MEDIUM

CVSS:5.5(Medium)

NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability. The software system access an invalid pointer when...

CWE-8242020

CVE-2020-1875

MEDIUM

CVSS:5.5(Medium)

NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer whe...

CWE-8242020

CVE-2021-41204

MEDIUM

CVSS:5.5(Medium)

TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This resul...

CWE-8242021

CVE-2021-43746

MEDIUM

CVSS:5.5(Medium)

Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User...

CWE-8242021

CVE-2024-49938

Vulnerability Description

Related Vulnerabilities

CVE-2018-5860

CVE-2019-5693

CVE-2020-1874

CVE-2020-1875

CVE-2021-41204

CVE-2021-43746