CVE-2024-38602

In the Linux kernel, the following vulnerability has been resolved:

ax25: Fix reference count leak issues of ax25_dev

The ax25addrax25dev() and ax25devdevicedown() exist a reference count leak issue of the object "ax25dev".

Memory leak issue in ax25addrax25dev():

The reference count of the object "ax25dev" can be increased multiple times in ax25addr_ax25dev(). This will cause a memory leak.

Memory leak issues in ax25devdevice_down():

The reference count of ax25dev is set to 1 in ax25devdeviceup() and then increase the reference count when ax25dev is added to ax25devlist. As a result, the reference count of ax25dev is 2. But when the device is shutting down. The ax25devdevicedown() drops the reference count once or twice depending on if we goto unlockput or not, which will cause memory leak.

As for the issue of ax25addrax25dev(), it is impossible for one pointer to be on a list twice. So add a break in ax25addrax25dev(). As for the issue of ax25devdevicedown(), increase the reference count of ax25dev once in ax25devdeviceup() and decrease the reference count of ax25dev after it is removed from the ax25devlist.