Vulnerabilities > CVE-2024-38554 - Unspecified vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issue of net_device There is a reference count leak issue of the object "net_device" in ax25_dev_device_down(). When the ax25 device is shutting down, the ax25_dev_device_down() drops the reference count of net_device one or zero times depending on if we goto unlock_put or not, which will cause memory leak. In order to solve the above issue, decrease the reference count of net_device after dev->ax25_ptr is set to null.
Vulnerable Configurations
References
- https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad
- https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af69459c981b
- https://git.kernel.org/stable/c/8bad3a20a27be8d935f2aae08d3c6e743754944a
- https://git.kernel.org/stable/c/eef95df9b752699bddecefa851f64858247246e9
- https://git.kernel.org/stable/c/36e56b1b002bb26440403053f19f9e1a8bc075b2