CVE-2024-38554

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38554

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38554.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-38554

Downstream

BELL-CVE-2024-38554

DEBIAN-CVE-2024-38554

OESA-2024-1835

OESA-2024-1836

OESA-2024-1837

OESA-2024-1838

OESA-2024-1839

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3483-1

UBUNTU-CVE-2024-38554

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Related

Published

2024-06-19T14:15:15Z

Modified

2025-08-09T20:01:26Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ax25: Fix reference count leak issue of net_device

There is a reference count leak issue of the object "netdevice" in ax25devdevicedown(). When the ax25 device is shutting down, the ax25devdevicedown() drops the reference count of netdevice one or zero times depending on if we goto unlock_put or not, which will cause memory leak.

In order to solve the above issue, decrease the reference count of netdevice after dev->ax25ptr is set to null.

References

Affected packages