How severe is CVE-2024-38388?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2024-38388?

This is classified as CWE-401, which is a common weakness in software security.

CVE-2024-38388 - LOW Severity | CVSS 3.3

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed. The original implementation didn't actually remove the ALSA controls in hda_cs_dsp_control_remove(). It only freed the internal tracking structure. This meant it was possible to remove/unload the amp driver while leaving its ALSA controls still present in the soundcard. Obviously attempting to access them could cause segfaults or at least dereferencing stale pointers.

Related Vulnerabilities

CVE-2019-19057

LOW

CVSS:3.3(Low)

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory con...

CWE-4012019

CVE-2019-3815

LOW

CVSS:3.3(Low)

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_io...

CWE-4012019

CVE-2020-27755

LOW

CVSS:3.3(Low)

in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event the...

CWE-4012020

CVE-2020-3959

LOW

CVSS:3.3(Low)

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in...

CWE-4012020

CVE-2021-20193

LOW

CVSS:3.3(Low)

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from...

CWE-4012021

CVE-2021-3574

LOW

CVSS:3.3(Low)

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.

CWE-4012021