// For flags

CVE-2024-38602

ax25: Fix reference count leak issues of ax25_dev

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ax25: Fix reference count leak issues of ax25_dev

The ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference
count leak issue of the object "ax25_dev".

Memory leak issue in ax25_addr_ax25dev():

The reference count of the object "ax25_dev" can be increased multiple
times in ax25_addr_ax25dev(). This will cause a memory leak.

Memory leak issues in ax25_dev_device_down():

The reference count of ax25_dev is set to 1 in ax25_dev_device_up() and
then increase the reference count when ax25_dev is added to ax25_dev_list.
As a result, the reference count of ax25_dev is 2. But when the device is
shutting down. The ax25_dev_device_down() drops the reference count once
or twice depending on if we goto unlock_put or not, which will cause
memory leak.

As for the issue of ax25_addr_ax25dev(), it is impossible for one pointer
to be on a list twice. So add a break in ax25_addr_ax25dev(). As for the
issue of ax25_dev_device_down(), increase the reference count of ax25_dev
once in ax25_dev_device_up() and decrease the reference count of ax25_dev
after it is removed from the ax25_dev_list.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ax25: soluciona problemas de pérdida de recuento de referencias de ax25_dev. Ax25_addr_ax25dev() y ax25_dev_device_down() existen un problema de pérdida de recuento de referencias del objeto "ax25_dev". Problema de pérdida de memoria en ax25_addr_ax25dev(): el recuento de referencias del objeto "ax25_dev" se puede aumentar varias veces en ax25_addr_ax25dev(). Esto provocará una pérdida de memoria. Problemas de pérdida de memoria en ax25_dev_device_down(): el recuento de referencias de ax25_dev se establece en 1 en ax25_dev_device_up() y luego aumenta el recuento de referencias cuando se agrega ax25_dev a ax25_dev_list. Como resultado, el recuento de referencia de ax25_dev es 2. Pero cuando el dispositivo se está apagando. El ax25_dev_device_down() reduce el recuento de referencias una o dos veces dependiendo de si vamos a unlock_put o no, lo que provocará una pérdida de memoria. En cuanto al problema de ax25_addr_ax25dev(), es imposible que un puntero esté en una lista dos veces. Entonces agregue una interrupción en ax25_addr_ax25dev(). En cuanto al problema de ax25_dev_device_down(), aumente el recuento de referencias de ax25_dev una vez en ax25_dev_device_up() y disminuya el recuento de referencias de ax25_dev después de que se elimine de ax25_dev_list.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-06-18 CVE Reserved
  • 2024-06-19 CVE Published
  • 2024-08-28 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.17 < 6.1.93
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.1.93"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.17 < 6.6.33
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.6.33"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.17 < 6.8.12
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.8.12"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.17 < 6.9.3
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.9.3"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.17 < 6.10
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.10"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
4.14.277
Search vendor "Linux" for product "Linux Kernel" and version "4.14.277"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
4.19.240
Search vendor "Linux" for product "Linux Kernel" and version "4.19.240"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
5.4.190
Search vendor "Linux" for product "Linux Kernel" and version "5.4.190"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
5.10.112
Search vendor "Linux" for product "Linux Kernel" and version "5.10.112"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
5.15.35
Search vendor "Linux" for product "Linux Kernel" and version "5.15.35"
en
Affected