LiveActive security incident?Get immediate response
CVE Record

CVE-2024-43830: leds: trigger: Unregister sysfs attributes before calling deactivate()

In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by the activate() callback and freed by the deactivate() callback. Calling device_remove_groups() after calling deactivate() leaves a window where the sysfs attributes show/store functions could be called after deactivation and then operate on the just freed trigger-data. Move the device_remove_groups() call to before deactivate() to close this race window. This also makes the deactivation path properly do things in reverse order of the activation path which calls the activate() callback before calling device_add_groups().

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2024-43830 is a Linux kernel bug in LED trigger handling. A race during trigger shutdown can leave sysfs controls briefly reachable after related memory is freed. The sources do not provide a CVSS score, confirmed impact, or active exploitation evidence.

Executive priority

Treat as routine but necessary kernel patch management unless a vendor rates your product exposure higher. The main business risk is delayed remediation in embedded or appliance Linux fleets where kernel updates lag.

Technical view

The fix changes LED trigger deactivation order: unregister trigger-specific sysfs attribute groups before calling deactivate(). Previously, show/store handlers could run after deactivate() freed trigger data, creating a use-after-free race window in the kernel LED subsystem.

Likely exposure

Exposure is limited to Linux systems running affected kernel versions with relevant LED trigger sysfs functionality. Products embedding Linux, including vendor appliances, should be checked against their vendor kernel advisories.

Exploitation context

The source bundle shows no CISA KEV listing and no cited evidence of active exploitation. It also does not provide a public exploit, CVSS vector, or proven real-world impact.

Researcher notes

Evidence supports a kernel use-after-free race in LED trigger sysfs teardown ordering. The bundle does not establish privilege requirements, exploit reliability, affected configurations beyond listed Linux kernel versions, or post-compromise impact.

Mitigation direction

  • Apply fixed Linux stable kernel updates from your distribution or device vendor.
  • Review Debian LTS and other vendor advisories for packaged kernel status.
  • For appliances, check OEM advisories before assuming upstream kernel fixes are present.
  • Avoid direct wrangler or deployment implications; this is operating-system kernel maintenance.

Validation and detection

  • Inventory Linux kernel versions across servers, endpoints, appliances, and embedded devices.
  • Compare installed kernels against vendor advisories and listed stable kernel fixes.
  • Confirm patched systems are running the updated kernel after reboot.
  • For third-party products, request vendor confirmation of CVE-2024-43830 remediation.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-43830 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
12Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxa7e7a3156300a7e1982b03cc9cb8fb0c86434c49, a7e7a3156300a7e1982b03cc9cb8fb0c86434c49, a7e7a3156300a7e1982b03cc9cb8fb0c86434c49, a7e7a3156300a7e1982b03cc9cb8fb0c86434c49, a7e7a3156300a7e1982b03cc9cb8fb0c86434c49, a7e7a3156300a7e1982b03cc9cb8fb0c86434c49, a7e7a3156300a7e1982b03cc9cb8fb0c86434c49, a7e7a3156300a7e1982b03cc9cb8fb0c86434c49unaffected
LinuxLinux4.19, 0, 4.19.320, 5.4.282, 5.10.224, 5.15.165, 6.1.103, 6.6.44, 6.10.3, 6.11affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.