CVE-2024-38554
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ax25: Fix reference count leak issue of net_device
There is a reference count leak issue of the object "net_device" in ax25_dev_device_down(). When the ax25 device is shutting down, the ax25_dev_device_down() drops the reference count of net_device one or zero times depending on if we goto unlock_put or not, which will cause memory leak.
In order to solve the above issue, decrease the reference count of net_device after dev->ax25_ptr is set to null.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d01ffb9eee4af165d83b08dd73ebdf9fe94a519b < 3ec437f9bbae68e9b38115c4c91de995f73f6bad | affected |
| Linux | Linux | d01ffb9eee4af165d83b08dd73ebdf9fe94a519b < 965d940fb7414b310a22666503d2af69459c981b | affected |
| Linux | Linux | d01ffb9eee4af165d83b08dd73ebdf9fe94a519b < 8bad3a20a27be8d935f2aae08d3c6e743754944a | affected |
| Linux | Linux | d01ffb9eee4af165d83b08dd73ebdf9fe94a519b < eef95df9b752699bddecefa851f64858247246e9 | affected |
| Linux | Linux | d01ffb9eee4af165d83b08dd73ebdf9fe94a519b < 36e56b1b002bb26440403053f19f9e1a8bc075b2 | affected |
| Linux | Linux | ef0a2a0565727a48f2e36a2c461f8b1e3a61922d | affected |
| Linux | Linux | e2b558fe507a1ed4c43db2b0057fc6e41f20a14c | affected |
| Linux | Linux | 418993bbaafb0cd48f904ba68eeda052d624c821 | affected |
| Linux | Linux | 5ea00fc60676c0eebfa8560ec461209d638bca9d | affected |
| Linux | Linux | 9af0fd5c4453a44c692be0cbb3724859b75d739b | affected |
| Linux | Linux | 4.14.277 < 4.15 | affected |
| Linux | Linux | 4.19.240 < 4.20 | affected |
| Linux | Linux | 5.4.190 < 5.5 | affected |
| Linux | Linux | 5.10.112 < 5.11 | affected |
| Linux | Linux | 5.15.35 < 5.16 | affected |
| Linux | Linux | 5.17 | affected |
| Linux | Linux | 0 < 5.17 | unaffected |
| Linux | Linux | 6.1.93 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.33 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.12 <= 6.8.* | unaffected |
| Linux | Linux | 6.9.3 <= 6.9.* | unaffected |
| Linux | Linux | 6.10 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad
- https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af69459c981b
- https://git.kernel.org/stable/c/8bad3a20a27be8d935f2aae08d3c6e743754944a
- https://git.kernel.org/stable/c/eef95df9b752699bddecefa851f64858247246e9
- https://git.kernel.org/stable/c/36e56b1b002bb26440403053f19f9e1a8bc075b2
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad
- https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af69459c981b
- https://git.kernel.org/stable/c/8bad3a20a27be8d935f2aae08d3c6e743754944a
- https://git.kernel.org/stable/c/eef95df9b752699bddecefa851f64858247246e9
- https://git.kernel.org/stable/c/36e56b1b002bb26440403053f19f9e1a8bc075b2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.