CVE-2024-38554

Summary

In the Linux kernel, the following vulnerability has been resolved:

ax25: Fix reference count leak issue of net_device

There is a reference count leak issue of the object "net_device" in ax25_dev_device_down(). When the ax25 device is shutting down, the ax25_dev_device_down() drops the reference count of net_device one or zero times depending on if we goto unlock_put or not, which will cause memory leak.

In order to solve the above issue, decrease the reference count of net_device after dev->ax25_ptr is set to null.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd01ffb9eee4af165d83b08dd73ebdf9fe94a519b < 3ec437f9bbae68e9b38115c4c91de995f73f6badaffected
LinuxLinuxd01ffb9eee4af165d83b08dd73ebdf9fe94a519b < 965d940fb7414b310a22666503d2af69459c981baffected
LinuxLinuxd01ffb9eee4af165d83b08dd73ebdf9fe94a519b < 8bad3a20a27be8d935f2aae08d3c6e743754944aaffected
LinuxLinuxd01ffb9eee4af165d83b08dd73ebdf9fe94a519b < eef95df9b752699bddecefa851f64858247246e9affected
LinuxLinuxd01ffb9eee4af165d83b08dd73ebdf9fe94a519b < 36e56b1b002bb26440403053f19f9e1a8bc075b2affected
LinuxLinuxef0a2a0565727a48f2e36a2c461f8b1e3a61922daffected
LinuxLinuxe2b558fe507a1ed4c43db2b0057fc6e41f20a14caffected
LinuxLinux418993bbaafb0cd48f904ba68eeda052d624c821affected
LinuxLinux5ea00fc60676c0eebfa8560ec461209d638bca9daffected
LinuxLinux9af0fd5c4453a44c692be0cbb3724859b75d739baffected
LinuxLinux4.14.277 < 4.15affected
LinuxLinux4.19.240 < 4.20affected
LinuxLinux5.4.190 < 5.5affected
LinuxLinux5.10.112 < 5.11affected
LinuxLinux5.15.35 < 5.16affected
LinuxLinux5.17affected
LinuxLinux0 < 5.17unaffected
LinuxLinux6.1.93 <= 6.1.*unaffected
LinuxLinux6.6.33 <= 6.6.*unaffected
LinuxLinux6.8.12 <= 6.8.*unaffected
LinuxLinux6.9.3 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References