Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38602", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.933Z", "datePublished": "2024-06-19T13:48:13.768Z", "dateUpdated": "2025-05-04T12:56:51.840Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:56:51.840Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issues of ax25_dev\n\nThe ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference\ncount leak issue of the object \"ax25_dev\".\n\nMemory leak issue in ax25_addr_ax25dev():\n\nThe reference count of the object \"ax25_dev\" can be increased multiple\ntimes in ax25_addr_ax25dev(). This will cause a memory leak.\n\nMemory leak issues in ax25_dev_device_down():\n\nThe reference count of ax25_dev is set to 1 in ax25_dev_device_up() and\nthen increase the reference count when ax25_dev is added to ax25_dev_list.\nAs a result, the reference count of ax25_dev is 2. But when the device is\nshutting down. The ax25_dev_device_down() drops the reference count once\nor twice depending on if we goto unlock_put or not, which will cause\nmemory leak.\n\nAs for the issue of ax25_addr_ax25dev(), it is impossible for one pointer\nto be on a list twice. So add a break in ax25_addr_ax25dev(). As for the\nissue of ax25_dev_device_down(), increase the reference count of ax25_dev\nonce in ax25_dev_device_up() and decrease the reference count of ax25_dev\nafter it is removed from the ax25_dev_list."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ax25/ax25_dev.c"], "versions": [{"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b", "lessThan": "ae467750a3765dd1092eb29f58247950a2f9b60c", "status": "affected", "versionType": "git"}, {"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b", "lessThan": "38eb01edfdaa1562fa00429be2e33f45383b1b3a", "status": "affected", "versionType": "git"}, {"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b", "lessThan": "81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3", "status": "affected", "versionType": "git"}, {"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b", "lessThan": "1ea02699c7557eeb35ccff2bd822de1b3e09d868", "status": "affected", "versionType": "git"}, {"version": "d01ffb9eee4af165d83b08dd73ebdf9fe94a519b", "lessThan": "b505e0319852b08a3a716b64620168eab21f4ced", "status": "affected", "versionType": "git"}, {"version": "ef0a2a0565727a48f2e36a2c461f8b1e3a61922d", "status": "affected", "versionType": "git"}, {"version": "e2b558fe507a1ed4c43db2b0057fc6e41f20a14c", "status": "affected", "versionType": "git"}, {"version": "418993bbaafb0cd48f904ba68eeda052d624c821", "status": "affected", "versionType": "git"}, {"version": "5ea00fc60676c0eebfa8560ec461209d638bca9d", "status": "affected", "versionType": "git"}, {"version": "9af0fd5c4453a44c692be0cbb3724859b75d739b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ax25/ax25_dev.c"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.93", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.12", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.3", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.1.93"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.6.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.8.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.9.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.277"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.240"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.190"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.112"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.35"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c"}, {"url": "https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a"}, {"url": "https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3"}, {"url": "https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868"}, {"url": "https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced"}], "title": "ax25: Fix reference count leak issues of ax25_dev", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:26.063Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38602", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:13:18.286377Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:53.956Z"}}]}}