CVE-2024-38602
ax25: Fix reference count leak issues of ax25_dev
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
ax25: Fix reference count leak issues of ax25_dev
The ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference
count leak issue of the object "ax25_dev".
Memory leak issue in ax25_addr_ax25dev():
The reference count of the object "ax25_dev" can be increased multiple
times in ax25_addr_ax25dev(). This will cause a memory leak.
Memory leak issues in ax25_dev_device_down():
The reference count of ax25_dev is set to 1 in ax25_dev_device_up() and
then increase the reference count when ax25_dev is added to ax25_dev_list.
As a result, the reference count of ax25_dev is 2. But when the device is
shutting down. The ax25_dev_device_down() drops the reference count once
or twice depending on if we goto unlock_put or not, which will cause
memory leak.
As for the issue of ax25_addr_ax25dev(), it is impossible for one pointer
to be on a list twice. So add a break in ax25_addr_ax25dev(). As for the
issue of ax25_dev_device_down(), increase the reference count of ax25_dev
once in ax25_dev_device_up() and decrease the reference count of ax25_dev
after it is removed from the ax25_dev_list.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ax25: soluciona problemas de pérdida de recuento de referencias de ax25_dev. Ax25_addr_ax25dev() y ax25_dev_device_down() existen un problema de pérdida de recuento de referencias del objeto "ax25_dev". Problema de pérdida de memoria en ax25_addr_ax25dev(): el recuento de referencias del objeto "ax25_dev" se puede aumentar varias veces en ax25_addr_ax25dev(). Esto provocará una pérdida de memoria. Problemas de pérdida de memoria en ax25_dev_device_down(): el recuento de referencias de ax25_dev se establece en 1 en ax25_dev_device_up() y luego aumenta el recuento de referencias cuando se agrega ax25_dev a ax25_dev_list. Como resultado, el recuento de referencia de ax25_dev es 2. Pero cuando el dispositivo se está apagando. El ax25_dev_device_down() reduce el recuento de referencias una o dos veces dependiendo de si vamos a unlock_put o no, lo que provocará una pérdida de memoria. En cuanto al problema de ax25_addr_ax25dev(), es imposible que un puntero esté en una lista dos veces. Entonces agregue una interrupción en ax25_addr_ax25dev(). En cuanto al problema de ax25_dev_device_down(), aumente el recuento de referencias de ax25_dev una vez en ax25_dev_device_up() y disminuya el recuento de referencias de ax25_dev después de que se elimine de ax25_dev_list.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-18 CVE Reserved
- 2024-06-19 CVE Published
- 2024-08-28 EPSS Updated
- 2024-09-11 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/d01ffb9eee4af165d83b08dd73ebdf9fe94a519b | Vuln. Introduced | |
| https://git.kernel.org/stable/c/ef0a2a0565727a48f2e36a2c461f8b1e3a61922d | Vuln. Introduced | |
| https://git.kernel.org/stable/c/e2b558fe507a1ed4c43db2b0057fc6e41f20a14c | Vuln. Introduced | |
| https://git.kernel.org/stable/c/418993bbaafb0cd48f904ba68eeda052d624c821 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/5ea00fc60676c0eebfa8560ec461209d638bca9d | Vuln. Introduced | |
| https://git.kernel.org/stable/c/9af0fd5c4453a44c692be0cbb3724859b75d739b | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.17 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.1.93" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.17 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.6.33" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.17 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.8.12" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.17 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.9.3" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.17 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.10" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.14.277 Search vendor "Linux" for product "Linux Kernel" and version "4.14.277" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.19.240 Search vendor "Linux" for product "Linux Kernel" and version "4.19.240" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.4.190 Search vendor "Linux" for product "Linux Kernel" and version "5.4.190" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.10.112 Search vendor "Linux" for product "Linux Kernel" and version "5.10.112" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.15.35 Search vendor "Linux" for product "Linux Kernel" and version "5.15.35" | en |
Affected
| ||||||