{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-38602","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-18T19:36:34.933Z","datePublished":"2024-06-19T13:48:13.768Z","dateUpdated":"2025-05-04T12:56:51.840Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:56:51.840Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issues of ax25_dev\n\nThe ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference\ncount leak issue of the object \"ax25_dev\".\n\nMemory leak issue in ax25_addr_ax25dev():\n\nThe reference count of the object \"ax25_dev\" can be increased multiple\ntimes in ax25_addr_ax25dev(). This will cause a memory leak.\n\nMemory leak issues in ax25_dev_device_down():\n\nThe reference count of ax25_dev is set to 1 in ax25_dev_device_up() and\nthen increase the reference count when ax25_dev is added to ax25_dev_list.\nAs a result, the reference count of ax25_dev is 2. But when the device is\nshutting down. The ax25_dev_device_down() drops the reference count once\nor twice depending on if we goto unlock_put or not, which will cause\nmemory leak.\n\nAs for the issue of ax25_addr_ax25dev(), it is impossible for one pointer\nto be on a list twice. So add a break in ax25_addr_ax25dev(). As for the\nissue of ax25_dev_device_down(), increase the reference count of ax25_dev\nonce in ax25_dev_device_up() and decrease the reference count of ax25_dev\nafter it is removed from the ax25_dev_list."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ax25/ax25_dev.c"],"versions":[{"version":"d01ffb9eee4af165d83b08dd73ebdf9fe94a519b","lessThan":"ae467750a3765dd1092eb29f58247950a2f9b60c","status":"affected","versionType":"git"},{"version":"d01ffb9eee4af165d83b08dd73ebdf9fe94a519b","lessThan":"38eb01edfdaa1562fa00429be2e33f45383b1b3a","status":"affected","versionType":"git"},{"version":"d01ffb9eee4af165d83b08dd73ebdf9fe94a519b","lessThan":"81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3","status":"affected","versionType":"git"},{"version":"d01ffb9eee4af165d83b08dd73ebdf9fe94a519b","lessThan":"1ea02699c7557eeb35ccff2bd822de1b3e09d868","status":"affected","versionType":"git"},{"version":"d01ffb9eee4af165d83b08dd73ebdf9fe94a519b","lessThan":"b505e0319852b08a3a716b64620168eab21f4ced","status":"affected","versionType":"git"},{"version":"ef0a2a0565727a48f2e36a2c461f8b1e3a61922d","status":"affected","versionType":"git"},{"version":"e2b558fe507a1ed4c43db2b0057fc6e41f20a14c","status":"affected","versionType":"git"},{"version":"418993bbaafb0cd48f904ba68eeda052d624c821","status":"affected","versionType":"git"},{"version":"5ea00fc60676c0eebfa8560ec461209d638bca9d","status":"affected","versionType":"git"},{"version":"9af0fd5c4453a44c692be0cbb3724859b75d739b","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ax25/ax25_dev.c"],"versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","status":"unaffected","versionType":"semver"},{"version":"6.1.93","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.33","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.12","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9.3","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.1.93"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.6.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.8.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.9.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.277"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.240"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.190"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.112"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.35"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c"},{"url":"https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a"},{"url":"https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3"},{"url":"https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868"},{"url":"https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced"}],"title":"ax25: Fix reference count leak issues of ax25_dev","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T04:12:26.063Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/ae467750a3765dd1092eb29f58247950a2f9b60c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/38eb01edfdaa1562fa00429be2e33f45383b1b3a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/81d8240b0a243b3ddd8fa8aa172f1acc2f7cc8f3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1ea02699c7557eeb35ccff2bd822de1b3e09d868","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b505e0319852b08a3a716b64620168eab21f4ced","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-38602","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:13:18.286377Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:53.956Z"}}]}}