CVE-2024-38554

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 10

NVD Status Analyzed

In the Linux kernel, the following vulnerability has been resolved:

ax25: Fix reference count leak issue of net_device

There is a reference count leak issue of the object "net_device" in
ax25_dev_device_down(). When the ax25 device is shutting down, the
ax25_dev_device_down() drops the reference count of net_device one
or zero times depending on if we goto unlock_put or not, which will
cause memory leak.

In order to solve the above issue, decrease the reference count of
net_device after dev->ax25_ptr is set to null.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: kernel.org
Published Date: 2024-06-19 14:15:15
(2 months ago)
Updated Date: 2024-08-27 19:55:32
(2 weeks ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 5.17 version and prior 6.1.93 version	cpe:2.3:o:linux:linux_kernel	>= 5.17	< 6.1.93
Linux Kernel from 6.2 version and prior 6.6.33 version	cpe:2.3:o:linux:linux_kernel	>= 6.2	< 6.6.33
Linux Kernel from 6.7 version and prior 6.8.12 version	cpe:2.3:o:linux:linux_kernel	>= 6.7	< 6.8.12
Linux Kernel from 6.9 version and prior 6.9.3 version	cpe:2.3:o:linux:linux_kernel	>= 6.9	< 6.9.3