PT-2024-28068 · Linux+7 · Linux Kernel+7

Dan Carpenter

Published

2024-05-09

Updated

2026-05-26

CVE-2024-38554

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A reference count leak issue exists in the ax25 dev device down() function, which can cause a memory leak when the ax25 device is shutting down. The issue arises because the ax25 dev device down() function drops the reference count of net device one or zero times, depending on whether it goes to unlock put or not. To solve this issue, the reference count of net device should be decreased after dev->ax25 ptr is set to null.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-402

Related Identifiers

ALSA-2025_16880

ALT-PU-2024-11524

ALT-PU-2024-13979

ALT-PU-2024-14046

BDU:2025-03047

CVE-2024-38554

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-1835

OESA-2024-1836

OESA-2024-1837

OESA-2024-1838

OESA-2024-1839

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3483-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-28068 · Linux+7 · Linux Kernel+7

CVE-2024-38554

Weakness Enumeration

Related Identifiers

Affected Products

References · 2906