CVE-2024-38554

ax25: Fix reference count leak issue of net_device

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ax25: Fix reference count leak issue of net_device

There is a reference count leak issue of the object "net_device" in
ax25_dev_device_down(). When the ax25 device is shutting down, the
ax25_dev_device_down() drops the reference count of net_device one
or zero times depending on if we goto unlock_put or not, which will
cause memory leak.

In order to solve the above issue, decrease the reference count of
net_device after dev->ax25_ptr is set to null.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ax25: Solucionar el problema de fuga del recuento de referencias de net_device Hay un problema de fuga del recuento de referencias del objeto "net_device" en ax25_dev_device_down(). Cuando el dispositivo ax25 se está apagando, ax25_dev_device_down() elimina el recuento de referencia de net_device una o cero veces dependiendo de si vamos a unlock_put o no, lo que provocará una pérdida de memoria. Para resolver el problema anterior, reduzca el recuento de referencias de net_device después de que dev->ax25_ptr se establezca en nulo.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-18 CVE Reserved
2024-06-19 CVE Published
2024-08-28 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/d01ffb9eee4af165d83b08dd73ebdf9fe94a519b	Vuln. Introduced
https://git.kernel.org/stable/c/ef0a2a0565727a48f2e36a2c461f8b1e3a61922d	Vuln. Introduced
https://git.kernel.org/stable/c/e2b558fe507a1ed4c43db2b0057fc6e41f20a14c	Vuln. Introduced
https://git.kernel.org/stable/c/418993bbaafb0cd48f904ba68eeda052d624c821	Vuln. Introduced
https://git.kernel.org/stable/c/5ea00fc60676c0eebfa8560ec461209d638bca9d	Vuln. Introduced
https://git.kernel.org/stable/c/9af0fd5c4453a44c692be0cbb3724859b75d739b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad	2024-06-12
https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af69459c981b	2024-06-12
https://git.kernel.org/stable/c/8bad3a20a27be8d935f2aae08d3c6e743754944a	2024-05-30
https://git.kernel.org/stable/c/eef95df9b752699bddecefa851f64858247246e9	2024-05-30
https://git.kernel.org/stable/c/36e56b1b002bb26440403053f19f9e1a8bc075b2	2024-05-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.1.93"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.6.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.8.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.9.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.277 Search vendor "Linux" for product "Linux Kernel" and version "4.14.277"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.19.240 Search vendor "Linux" for product "Linux Kernel" and version "4.19.240"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.4.190 Search vendor "Linux" for product "Linux Kernel" and version "5.4.190"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.112 Search vendor "Linux" for product "Linux Kernel" and version "5.10.112"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15.35 Search vendor "Linux" for product "Linux Kernel" and version "5.15.35"		en		Affected