CVE-2024-39484: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-39484 is a vulnerability in the Linux kernel's MMC DaVinci driver that was discovered and disclosed on July 5, 2024. The issue affects the driver's cleanup functionality when CONFIGMMCDAVINCI is enabled as a built-in module. The vulnerability stems from incorrectly using the __exit attribute for the remove function, which causes the remove callback to be discarded, leading to improper cleanup when the device is unbound (NVD).

The vulnerability occurs in the DaVinci MMC/SD controller driver when the remove function is marked with _exit and CONFIGMMCDAVINCI=y is set. When a device gets unbound through sysfs or hotplug events, the driver removal process fails to execute the cleanup routine. This also manifests as a modpost warning indicating a section mismatch between davincimmcsddriver and davincimmcsd_remove. The issue has a CVSS v3.1 Base Score of 5.5 (Medium) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability results in resource leaks when the DaVinci MMC driver is unbound from the system. This occurs because the cleanup routines are not properly executed during driver removal, potentially leading to system resource exhaustion over time (NVD).

The issue has been fixed by removing the __exit attribute from the remove function, allowing it to be compiled in unconditionally. The fix has been implemented across multiple kernel versions, including Ubuntu's kernel packages for versions 24.04 LTS, 22.04 LTS, 20.04 LTS, and 18.04 LTS (Ubuntu Security).