CVE-2024-38602

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issues of ax25_dev The ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference count leak issue of the object "ax25_dev". Memory leak issue in ax25_addr_ax25dev(): The reference count of the object "ax25_dev" can be increased multiple times in ax25_addr_ax25dev(). This will cause a memory leak. Memory leak issues in ax25_dev_device_down(): The reference count of ax25_dev is set to 1 in ax25_dev_device_up() and then increase the reference count when ax25_dev is added to ax25_dev_list. As a result, the reference count of ax25_dev is 2. But when the device is shutting down. The ax25_dev_device_down() drops the reference count once or twice depending on if we goto unlock_put or not, which will cause memory leak. As for the issue of ax25_addr_ax25dev(), it is impossible for one pointer to be on a list twice. So add a break in ax25_addr_ax25dev(). As for the issue of ax25_dev_device_down(), increase the reference count of ax25_dev once in ax25_dev_device_up() and decrease the reference count of ax25_dev after it is removed from the ax25_dev_list.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:26

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868 - Patch () https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868 - Patch
References () https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a - Patch () https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a - Patch
References () https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3 - Patch () https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3 - Patch
References () https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c - Patch () https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c - Patch
References () https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced - Patch () https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced - Patch

27 Aug 2024, 16:01

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868 - () https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868 - Patch
References () https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a - () https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a - Patch
References () https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3 - () https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3 - Patch
References () https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c - () https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c - Patch
References () https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced - () https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced - Patch
First Time Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CWE NVD-CWE-Other
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

20 Jun 2024, 12:43

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ax25: soluciona problemas de pérdida de recuento de referencias de ax25_dev. Ax25_addr_ax25dev() y ax25_dev_device_down() existen un problema de pérdida de recuento de referencias del objeto "ax25_dev". Problema de pérdida de memoria en ax25_addr_ax25dev(): el recuento de referencias del objeto "ax25_dev" se puede aumentar varias veces en ax25_addr_ax25dev(). Esto provocará una pérdida de memoria. Problemas de pérdida de memoria en ax25_dev_device_down(): el recuento de referencias de ax25_dev se establece en 1 en ax25_dev_device_up() y luego aumenta el recuento de referencias cuando se agrega ax25_dev a ax25_dev_list. Como resultado, el recuento de referencia de ax25_dev es 2. Pero cuando el dispositivo se está apagando. El ax25_dev_device_down() reduce el recuento de referencias una o dos veces dependiendo de si vamos a unlock_put o no, lo que provocará una pérdida de memoria. En cuanto al problema de ax25_addr_ax25dev(), es imposible que un puntero esté en una lista dos veces. Entonces agregue una interrupción en ax25_addr_ax25dev(). En cuanto al problema de ax25_dev_device_down(), aumente el recuento de referencias de ax25_dev una vez en ax25_dev_device_up() y disminuya el recuento de referencias de ax25_dev después de que se elimine de ax25_dev_list.

19 Jun 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-19 14:15

Updated : 2024-11-21 09:26


NVD link : CVE-2024-38602

Mitre link : CVE-2024-38602

CVE.ORG link : CVE-2024-38602


JSON object : View

Products Affected

linux

  • linux_kernel